Is this behaviour passed the app store review? As in my case also we are just verifying the user and not further requesting the refresh/access token from Apple.