As part of JIRA
QPID-8440 a mechanism to change credentials dynamically via connection extensions was introduced in the client. It allows to rotate the expired credentials. However, the extension implementation would need to check the validity of credentials before returning them to connection object.
We need to add a new mechanism to notify the application about authentication failures due to expired credentials. That would allow to rotate credentials via extensions in response to the authentication failure rather than doing that pro-actively in every call to the extensions.