Regression: /portal/login/loginwithtoken no longer accepts refresh token without existing PHP session

Hello,

In API versions 44.4.4 and earlier, it was possible to perform an automatic login by using the API refresh token with the /portal/login/loginwithtoken endpoint, for example:

https://my.netsapiens.portal.com/portal/login/loginwithtoken?iframe=no&refresh_token=$TOKEN&username=$USERNAME&avoidExpiredRedirect=true

This allowed us to perform programmatic login and streamline login for end users.

Since version 44.4.5, the /portal/login/loginwithtoken endpoint now appears to require an existing PHP session before it will authenticate.

Could you confirm whether this is an intentional change or a regression?
Is there a replacement workflow for programmatic login using the refresh token?

Thanks