following some of your suggestions I designed an application composed of a:
1- frontend web application
2- backend REST API

The frontend has a servlet-proxy to the backend REST API to avoid cross domain problems.

TheĀ backendĀ has a bearer-only configuration.

Everything is working until the token does not expire, I tried to force refresh when I recieve 401 status but it does not work.

What is supposed to be done every time the access tokes expires?