Comment 1 for bug 942985

A Token not validating in this case is not a reason to return an error code. If the caller (the service) is authenticated but the token it is checking is not valid. This should return HTTP response code 200, but the body of the request should indicate that the token is invalid.