OpenID Connect: Failed to get user avatar from URL

We are using OpenID Connect 1.31 combined with Azure AD and XWiki 13.10.6. Nearly all works fine but we get this error message in the log file:

WARN o.x.c.o.a.i.OIDCUserManager - Failed to get user avatar from URL$value: IOException: Server returned HTTP response code: 401 for URL:$value

This happens to users with and without a microsoft user avatar.

I created a jira ticket but maybe there is some swarm intelligence in this forum to guide to the right direction.

Regards, Simpel