According to our documentation:
unauthorized(401): represents an invalid token. If the TrueLayer token is expired, refreshing it should fix it. Otherwise, the end-user must re-authenticate.
unauthorizederrors may also happen if there are too many token refreshes prior to another request (balance, transactions, etc). This can mix up the
access_tokenused in the request. Only the last
access_denied(403): the user is successfully authorised but does not have permission to the particular request.
Both issues do not happen during a token refresh, only when requesting data (accounts, balances, transactions, etc). For token refresh errors, check invalid_grant.