i see the config regarding the

sessionExpiredStatusCode

one thing that's not clear to me is how the token refresh flow works given that the sdk is trying to control part of this