OAuth configuration for self-hosted temporal

I’m trying to setup OAuth based access on temporal server, server side it works, now i’m trying to add the bearer token on the client side, the expire time is 1h, and then the token needs to be refreshed.
I need to make sure every grpc call from the clients to the server has a valid bearer token, both for Clients and Workers. i’m also using the Typescript SDK.
After a quick search i saw that it’s possible to set up a timeout and periodically call setMetadata of the Worker NativeConnection or the Client Connection, passing the new header.

I was wondering if using interceptors instead, I see on the client side it’s possible to inject custom interceptor directly as WorkflowClientInterceptor, on the Worker side i only see the possibility to add ActivityInterceptors. Shall i assume interceptors cannot be used for this use case then?