The earlier update which I thought was obviously fixing it was correct but incomplete (or may be I tried something with Resteasy Classic which made me believe it was complete, unfortunately I don't remember now).

So this PR fixes it properly and this fix is supported by the test.
The test adds a disabled OidcClient tenant, the flow is: test calls FrontentResource which uses RESTClient to call a secured ProtectedResource - which can only be accessed if OidcClient acquired the token. But because OidcClient is disabled, the request to ProtectedResource goes without the token (as opposed to be terminated with DisabledOidcClientException) and therefore 401 is returned from ProtectedResource and is passed further back to the test code to confirm

• Fixes: #40886