Re-assigning it back to me. I was able to replicate it.
It's fixed in latest 4.2.2, you can take war from here:
https://ox.gluu.org/maven/org/gluu/oxauth-server/4.2.2-SNAPSHOT/oxauth-server-4.2.2-SNAPSHOT.war
If you have latest 4.2.1 then it should be safe to just stop oxauth, replace war and start it.
Sungho, would you please try it and confirm it works as expected ?