fix(server): handle invalid access token case even before expiration