Initally I'm getting the first Authorization with GET - https://www.strava.com/oauth/authorize -> scope = activity:read_all using the access token and storing the refresh token.

Now I'm getting the activities GET https://www.strava.com/api/v3/activities -> everything is fine!

But when the original access token expires, I'm getting a new access token with the refresh token (https://www.strava.com/oauth/token) I stored before. With the new access token I'm doing the same GET request to get the activities now the issue happens, I don't know why. The activity:read_permission should be set in the first call now I'm just getting a new Access token with the original refresh token, I can not set permissions here. What do I miss?

Status: 401 (Failure)

{
"message": "Authorization Error",
"errors": [
{
"resource": "AccessToken",
"field": "activity:read_permission",
"code": "missing"
}
]
}