We are trying to use both Online and Offline oauth tokens at the same time. We are now able to get new Online oauth tokens.
However, we noticed that after we complete the Online oauth flow and get the new Online token, it would overwrite the permission scopes for the existing Offline oauth token with the scopes we asked for the Online token. So it broke the API calls that's using the Offline token.
Is this the expected behaviour? Is it possible to have both types of tokens with different sets of permission scopes at the same time?