OAuth token refresh is not checking if the user is deactivated
Summary
The token refresh logic is not checking if the user is deactivated, It is refreshing the token successfully.
Steps to reproduce
After deactivating a user a request to refresh the token will succeed. (/api/v3/oauth/token)
Platform information
OAuth
What is the current bug behavior?
The request is successful, with a 200 status and a new set of tokens.
What is the expected correct behavior?
It should return 401 since the user is deactivated.
Relevant logs and/or screenshots
Possible fixes
TBD