By: Thomas W. user 07 May 2019 at 2:24 a.m. CDT

Hello. If I request the `userinfo` endpoint with an expired token, I get a `400 Bad Request` response from Gluu Server. The [documentation](https://gluu.org/docs/ce/3.1.4/api-guide/openid-connect-api/#requestuserinfoget) seems to indicate that I should rather get a `401 Unauthorized` response.

# Example

The following request is sent to the Gluu Server:

```
GET http://example.com/oxauth/restv1/userinfo
Content-Type: application/json
Authorization: Bearer <EXPIRED_access_token>
```

I get a `400 Bad Request` response with the body

```
{
  "error": "invalid_token",
  "error_description": "The access token provided is expired, revoked, malformed, or invalid for other reasons. Try to request a new access token and retry the protected resource."
}
```

As mentioned, I'd expect a `401 Unauthorized` response with the same body as above in the case of the endpoint being requested with an expired access token, which also seems like it would be more in line with the specification for [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError) and [OAuth2](https://tools.ietf.org/html/rfc6750#section-3.1). If any more information is needed, please let me know.
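
To make the 400-versus-401 distinction raised above concrete, here is an added reference example (not Gluu's code and not from the poster): it maps bearer-token validation outcomes to the status codes and `WWW-Authenticate` challenges that RFC 6750 section 3.1 prescribes for a protected resource such as the userinfo endpoint. The token store, token values and subjects are constructed for illustration.

```python
import json
import time

# Constructed sample token store (hypothetical values, not from any real
# deployment): access token -> (expires_at as epoch seconds, scopes, subject).
TOKENS = {
    "tok-valid": (2_000_000_000, {"openid", "profile"}, "user-123"),
    "tok-expired": (1_500_000_000, {"openid", "profile"}, "user-123"),
    "tok-noscope": (2_000_000_000, {"email"}, "user-456"),
}

def _error(status, code, description, scope=None):
    """Build an RFC 6750 error: status, WWW-Authenticate challenge, JSON body."""
    challenge = f'Bearer error="{code}", error_description="{description}"'
    if scope:
        challenge += f', scope="{scope}"'
    body = json.dumps({"error": code, "error_description": description})
    return status, {"WWW-Authenticate": challenge, "Content-Type": "application/json"}, body

def userinfo_response(headers, query, now=None):
    """Map a userinfo request to (status, headers, body) per RFC 6750 s3.1:
    no credentials -> 401 bare challenge; expired/unknown token -> 401
    invalid_token; token passed twice -> 400 invalid_request; scope -> 403."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    scheme, _, header_token = auth.partition(" ")
    header_token = header_token.strip() if scheme.lower() == "bearer" else ""
    query_token = query.get("access_token", "")
    if header_token and query_token:
        # Two token-passing methods in one request is a malformed request.
        return _error(400, "invalid_request",
                      "More than one method used to include an access token.")
    token = header_token or query_token
    if not token:
        # No bearer credentials at all: challenge without an error code.
        return 401, {"WWW-Authenticate": "Bearer"}, ""
    entry = TOKENS.get(token)
    if entry is None or entry[0] <= now:
        # The case from the thread: an expired token must yield 401, not 400.
        return _error(401, "invalid_token",
                      "The access token provided is expired, revoked, malformed, "
                      "or invalid for other reasons.")
    if "openid" not in entry[1]:
        return _error(403, "insufficient_scope",
                      "The request requires higher privileges than provided "
                      "by the access token.", scope="openid")
    return 200, {"Content-Type": "application/json"}, json.dumps({"sub": entry[2]})
```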

By Michael Schwartz Account Admin 07 May 2019 at 3:16 a.m. CDT

We will take a look at this. Thanks for pointing it out.

By Javier Rojas staff 13 May 2019 at 2:56 p.m. CDT

Hello Thomas,

Thank you for the issue report. I have added it to be solved: https://github.com/GluuFederation/oxAuth/issues/1071

Regards,
Javier

By Thomas W. user 20 May 2019 at 8:14 a.m. CDT

Hi Javier. Thanks for the response. I see you have already pushed some changes for this last week. Do you know if it's possible to apply the change as a hotfix to a 3.1.4 installation (like I have previously been instructed [here](https://support.gluu.org/identity-management/6404/scim-patch-operation-unable-to-remove-attributes/#at42566))? Or will it only be available in 4.0?