Do not invalidate the previous refresh token after refresh

[dblock]

A call to oauth2/token with grant_type: refresh_token will invalidate the previous refresh token. If the newly obtained token cannot be saved (say because of an intermittent infrastructure problem) there's no longer a way to obtain a refreshed Bearer token for the caller. The only way is to re-authorize that involves the user.

It should be possible to obtain a new refresh token with any (or at least some) prior valid refresh tokens.