Sporadic token refresh issues

I hope someone might be able to help point me in the right direction for sporadic issues we're having with refresh tokens in our app:

GuzzleHttp\Exception\ClientException: Client error: `POST https://api.fitbit.com/oauth2/token` resulted in a `400 Bad Request` response: {"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid

Of the 100+ users that have connected to Fitbit, only 10 have so far experienced this issue, but I'm finding it impossible to tell if those users have revoked the access token on their end, or if something else is happening that might keep affecting more and more users.

Our logic is as follows:

  1. The user connects via an OAuth process and we store their access_token and refresh_token in our database.
  2. Every 12 hours, our sync highlights their account and starts a sync.
  3. If the (stored) expires_in / expires_at is in the past, we force a token refresh using the refresh_token, storing and using the new token.
  4. We try to grab the last x days' totals from the Fitbit API to sync to our database.
  5. If the above failed with a status code of 401, we force a token refresh using the refresh_token, storing and using the new token.

As far as I can see, the code and logic are as intended, and tests with my own Fitbit account work fine.

Any advice would be greatly appreciated. I've emailed Fitbit but have not heard back at all.

Best Answer
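
Added example (not the poster's code, and in Python rather than the app's PHP): one situation in which steps 3 and 5 above can yield `invalid_grant` without any user revoking access, under the assumption that the provider treats each refresh token as single-use and replaces it on every refresh. `RotatingProvider`, `TokenStore` and the token values are hypothetical and constructed for the demonstration; the guarded variant re-reads the stored token under a per-user lock so only one worker spends it.

```python
import threading

class InvalidGrant(Exception):
    """Token endpoint answered 400 with errorType invalid_grant."""

class RotatingProvider:
    """Constructed stand-in for the token endpoint (assumption: a refresh
    token is single-use and is replaced on every successful refresh)."""
    def __init__(self, first):
        self.current, self.issued = first, 0

    def refresh(self, refresh_token):
        if refresh_token != self.current:
            raise InvalidGrant("Refresh token invalid")
        self.issued += 1
        self.current = f"refresh-{self.issued}"
        return {"access_token": f"access-{self.issued}", "refresh_token": self.current}

class TokenStore:
    """Hypothetical per-user token row; the lock stands in for a database row lock."""
    def __init__(self, refresh_token):
        self.lock = threading.Lock()
        self.row = {"access_token": "access-0", "refresh_token": refresh_token}

def naive_refresh(store, provider, snapshot):
    """Steps 3 and 5 as listed: refresh with whatever token the worker loaded."""
    store.row = provider.refresh(snapshot["refresh_token"])
    return store.row

def guarded_refresh(store, provider, snapshot):
    """Spend each stored refresh token at most once, however many workers ask."""
    with store.lock:
        row = store.row  # re-read under the lock, never trust the snapshot
        if row["refresh_token"] != snapshot["refresh_token"]:
            return row  # another worker already rotated: reuse its tokens
        # Persist the new refresh token in the same step that spends the old one.
        store.row = provider.refresh(row["refresh_token"])
        return store.row

def two_workers(refresh):
    """Constructed interleaving: both workers load the row, then both refresh."""
    provider, store = RotatingProvider("refresh-0"), TokenStore("refresh-0")
    snap_a, snap_b = dict(store.row), dict(store.row)
    refresh(store, provider, snap_a)
    try:
        refresh(store, provider, snap_b)
    except InvalidGrant:
        return "invalid_grant"
    return store.row["refresh_token"]
```

Logging which worker spent which refresh token, and when, makes it possible to tell this case apart from a user revoking access on their end.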
2 REPLIES 2

I am getting this same issue. Did you find any solution for that?

Best Answer
0 Votes

We're having major refresh token invalid issues over here. Can someone please take a look at this?

Best Answer
0 Votes