I belive we've come across the Heisenbug re Cookies for the 2nd time now. When refreshing the access token and signing in a new ClaimsIdentity using the OWIN Authentication, it stops adding new refresh tokens to the Identity after the 2nd or 3rd call to SignIn. Hence, the following request to refresh fails, as we have an old refresh token stored in our local cookie. Niiiiice