[keycloak-user] Exception after changing roles

Hi, I have been doing some experiments with Keycloak and encountered a problem: If a user is logged in and her client role mappings are changed in the admin UI, why is an exception thrown "User no long has permission for client role OLD_ROLE" when the token expires and the refresh token is used to acquire a new one? I was expecting the new token to contain the new set of roles, but instead got this error. Thanks for your help! Best regards, Thomas