Login fail due to old refresh token

On **authStateChange** is subscribing with authorization of config authType, so if authType is User and refreshToken has expired, the subscription is canceled, causing login to fail (nothing happens on client). Perhaps this specific subscription should be using a **different** **authorization header** (e.g. public, anonymous, unauthorized).