Hello,
I have implemented an org.keycloak.adapters.AdapterTokenStore, like the
existing ones, for example:
- org.keycloak.adapters.jetty.core.JettyCookieTokenStore (from
keycloak-jetty-core 3.1.0.Final)
- org.keycloak.adapters.jetty.core.JettySessionTokenStore (from
keycloak-jetty-core 3.1.0.Final)
The purpose is that these AdapterTokenStores refresh the current access
token with the refreshToken they have stored, and then update the
org.keycloak.adapters.RefreshableKeycloakSecurityContext (see
refreshExpiredToken() of this context) with a new token.
All of this is triggered thanks to the checkCurrentToken, called in
org.keycloak.adapters.jetty.core.AbstractKeycloakJettyAuthenticator.
The trouble is that the current "Authorization" header of the Request
object is not updated with the new token.
Therefore, even if the security context has a new token, the current
request failed because of the old token that is still in the Authorization
header (the check is done in
BearerTokenRequestAuthenticator.authenticate(HttpFacade exchange)).
Any idea how to solve this issue? Does it mean the request must be done
twice even if the token is refreshed?
Otherwise, the alternative I see is to have a proxy that will be in charge
of refreshing the token by modifying the request header.
Thanks!