Hey @hubca, thanks for reading.
It doesn’t cover the scenario you describe because that’s not really the responsibility of the API. It consumes the access token but is not responsible for fetching new ones when they expire.
That would normally be the responsibility of the thing that calls the API, like a web application, SPA, etc. Building that application is out of the scope of this article.