The lesson is meant to use the refresh token, but as the integration test shows it actually can also be solved with using none.

Of course this is not a problem, might be good to mention in the response towards the user, to mention "good thinking you found an alternative solution..."