
Automatically log out the user when the API token becomes invalid

Open demenech opened this issue 7 months ago • 0 comments

API tokens used in the frontend are not supposed to expire, but in case this ever happens (e.g., if there were a CKAN version upgrade), users are not being logged out of the frontend and will keep receiving "Access Denied" errors for all protected actions.

Tasks

  • [ ] Investigate a solution for this (see proposed solution below)
  • [ ] Implement a mechanism to log out users on the frontend when their token becomes invalid

Acceptance Criteria

  • [ ] The user is automatically logged out if the token becomes invalid

Notes

One of the challenges is that CKAN returns the same error for both unauthorized and forbidden.

This means that from the API response, it's not possible to determine whether the user has a valid API key or not.

One possible way to improve this would be by implementing a middleware on CKAN that:

  • Intercepts when an API response is about to return "Access Denied"
  • Validates the user token to see if the Access Denied is due to an invalid token or RBAC
  • If invalid token, modify the response

demenech, May 14 '25 11:05
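The middleware sketched in the notes above, as an added example that is not part of this issue or of the PortalJS/CKAN code base. It is a plain WSGI wrapper with no CKAN imports: the response shape it looks for (`{"success": false, "error": {"__type": "Authorization Error", ...}}` with HTTP 403), the header names it reads the token from, and the `validate_token` callable it is handed are all assumptions, and the `ckan_like_app` and token set are constructed stand-ins so the script runs offline. When the 403 is caused by a missing or invalid token rather than by RBAC, it rewrites the response to 401 and tags the error with `token_status: "invalid"`, which is the signal the frontend would key its logout on.

```python
import json
from typing import Callable, Optional, Tuple


def _bearer_token(environ) -> Optional[str]:
    """Pull the API token from the request. Assumption: CKAN accepts it in the
    Authorization header (with or without a 'Bearer ' prefix) or X-CKAN-API-Key."""
    raw = environ.get("HTTP_AUTHORIZATION") or environ.get("HTTP_X_CKAN_API_KEY")
    if not raw:
        return None
    raw = raw.strip()
    if raw.lower().startswith("bearer "):
        raw = raw[7:].strip()
    return raw or None


def _is_access_denied(body: bytes) -> bool:
    """True for the CKAN-style 'Access denied' JSON error payload (assumed shape)."""
    try:
        payload = json.loads(body)
    except ValueError:
        return False
    if not isinstance(payload, dict) or payload.get("success") is not False:
        return False
    error = payload.get("error")
    return isinstance(error, dict) and error.get("__type") == "Authorization Error"


class TokenAwareAccessDenied:
    """WSGI middleware: on a 403 'Access denied' response, validate the presented
    token; if it is missing or invalid, answer 401 and mark the error so the
    frontend can tell 'log me out' apart from 'not permitted' (RBAC)."""

    def __init__(self, app, validate_token: Callable[[str], bool]):
        self.app = app
        self.validate_token = validate_token  # hypothetical: a real check against CKAN's token store

    def __call__(self, environ, start_response):
        captured = {}

        def capture(status, headers, exc_info=None):
            # Defer the real start_response until the final status is decided.
            captured["status"] = status
            captured["headers"] = list(headers)

        result = self.app(environ, capture)
        try:
            body = b"".join(result)
        finally:
            if hasattr(result, "close"):
                result.close()
        status, headers = captured["status"], captured["headers"]
        if status.startswith("403") and _is_access_denied(body):
            token = _bearer_token(environ)
            if token is None or not self.validate_token(token):
                payload = json.loads(body)
                payload["error"]["token_status"] = "invalid"  # distinct signal for the frontend
                body = json.dumps(payload).encode("utf-8")
                status = "401 Unauthorized"
                headers = [(k, v) for k, v in headers if k.lower() != "content-length"]
                headers.append(("Content-Length", str(len(body))))
        start_response(status, headers)
        return [body]


# Constructed stand-in for CKAN: every action except status_show is denied with
# the same 403 payload, regardless of whether the token is bad or RBAC says no.
ACCESS_DENIED = json.dumps(
    {"success": False, "error": {"__type": "Authorization Error", "message": "Access denied"}}
).encode("utf-8")


def ckan_like_app(environ, start_response):
    if environ.get("PATH_INFO") == "/api/3/action/status_show":
        body = b'{"success": true, "result": {}}'
        start_response("200 OK", [("Content-Type", "application/json"), ("Content-Length", str(len(body)))])
        return [body]
    start_response("403 Forbidden", [("Content-Type", "application/json"), ("Content-Length", str(len(ACCESS_DENIED)))])
    return [ACCESS_DENIED]


VALID_TOKENS = {"good-token"}  # constructed; a real validator would consult CKAN's api_token table


def run(app, path: str, authorization: Optional[str] = None) -> Tuple[str, dict]:
    """Drive a WSGI app with a minimal environ and return (status line, parsed JSON body)."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "POST"}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    out = {}

    def start_response(status, headers, exc_info=None):
        out["status"], out["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return out["status"], json.loads(body)


app = TokenAwareAccessDenied(ckan_like_app, lambda token: token in VALID_TOKENS)

if __name__ == "__main__":
    for auth in ("good-token", "Bearer expired-token", None):
        print(auth, run(app, "/api/3/action/package_create", auth))
```

A valid token that is simply not permitted still gets the untouched 403, so the frontend keeps showing "Access Denied" for real RBAC failures; only the 401 with `token_status: "invalid"` should trigger the logout.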