Revisit auth token clearing behavior on 401 responses
Currently, when we get a 401 response, we clear the auth token: https://github.com/wasp-lang/wasp/blob/226ec3915ef78bd8a657a0579f35b6590b8dbbc0/waspc/data/Generator/templates/react-app/src/api.ts#L36-L41
The problem is, if you have some active tab A where you are logged in, but have another tab B where you are logged out, and you go from tab A to B, then in B it will be making some calls to /me that will fail, and it will clear the auth token, thus logging you out of A.
I think the solution is to differentiate between an invalid/old auth, where we should clear the auth token, vs making a request without an auth token. In the second case, and with a listener on localStorage changes, we can prevent this scenario from happening and actually allow tab B to start making authenticated requests as well.
We might have solved this issue with:
> with a listener on localStorage changes, we can prevent this scenario from happening and actually allow tab B to start making authenticated requests as well.
https://github.com/wasp-lang/wasp/pull/1203/files#diff-75a2c4c8d20de8f106699abd82dcd467213154210f437abe6a6cdd1f0d800f5eR51
Testing out the behaviour of:
- Opening an app in two tabs
- Logging in one tab
- Going to the other tab
still produces the logging out behaviour. So, this is still a valid issue 👍
I found this to also be problematic when dealing with open-saas.
In the fresh local open saas app, I tried to buy a plan. I got logged out! Not expected. I see that happens because operations/stripe-payment returns 401.
I would say this is a separate point why we shouldn't clear auth tokens on any 401, it is just too aggressive. Any operation can return 401, we don't know what the reason is, and logging out on it is too much.
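
The distinction proposed in the issue description (a rejected token versus a request sent without one), sketched as an added example that is not Wasp's code or any commenter's: `TOKEN_KEY`, `fakeStorage`, `shouldClearToken`, `onResponse` and `twoTabScenario` are hypothetical names, and the in-memory storage stands in for the `localStorage` shared between tabs.

```javascript
// Added illustration; every name here is hypothetical, not Wasp's API.
const TOKEN_KEY = 'authToken'; // assumed storage key

// In-memory stand-in for the localStorage shared by all tabs, so this runs offline.
function fakeStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// Decide whether a 401 means "the stored token is bad".
function shouldClearToken(sentToken, storedToken) {
  if (sentToken === null) return false; // anonymous request: no token was rejected
  return sentToken === storedToken;     // a newer token written by another tab survives
}

// Response hook: sentToken is the token the request actually carried (null if none).
function onResponse(storage, sentToken, status) {
  if (status === 401 && shouldClearToken(sentToken, storage.getItem(TOKEN_KEY))) {
    storage.removeItem(TOKEN_KEY);
    return 'cleared';
  }
  return 'kept';
}

// Constructed scenario from the issue: tab B calls /me while logged out, tab A logs in.
function twoTabScenario() {
  const storage = fakeStorage();
  const tabBSent = storage.getItem(TOKEN_KEY);      // tab B: request leaves with no token
  storage.setItem(TOKEN_KEY, 'token-from-tab-A');   // tab A: login completes
  const tabB = onResponse(storage, tabBSent, 401);  // tab B: /me comes back 401
  const nextSent = storage.getItem(TOKEN_KEY);      // tab B now picks up tab A's token
  // Later the server rejects that same token (e.g. expired): clearing is now correct.
  const expired = onResponse(storage, nextSent, 401);
  return { tabB, nextSent, expired, stored: storage.getItem(TOKEN_KEY) };
}
```

A 401 that an operation returns for its own reasons, as in the last comment, still carries the current token, so this rule alone would still clear it.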