Refresh Invalid Tokens in UsernameProvider

Currently if the `UsernameProvider` encounters an invalid token while extracting a username it fails completely with an `ExpiredJwtException`.  Since this is a perfectly normal behavior, the `UsernameProvider` should refresh the token and attempt the extraction again.