"Invalid client id" error when refreshing token

[byrnereese]

A developer is migrating to auth code with PKCE for all their API calls. They are using the Javascript SDK and noticed a problem. When they invoke platform.refresh() to get a new auth token, they are getting an error regarding an invalid client iD. It appears the SDK is encoding an Authorization header with a client ID and no secret. Which is to be expected for some API calls in the Auth flow. When he composes a request to refresh a token without an auth header (via Postman) everything works.