SpoonX / aurelia-authentication

Authentication plugin for aurelia.
http://aurelia-authentication.spoonx.org
MIT License

fix: Change so we do not try to logout upon 401 response when logoutOnInvalidtoken is set and the user is not authenticated #355

Closed emilast closed 7 years ago

emilast commented 7 years ago

Here's a simple PR for #354. Tests are passing but I couldn't understand how to write a new test for the error condition.

There should probably be a new test in fetchClientConfig.spec.js, similar to "Should not intercept requests when unauthenticated", but where logoutOnInvalidtoken in the config is set to true and a 401 response is received, but it wasn't obvious to me how to write that.
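Added example, not part of the thread and not the plugin's own code: a stand-alone JavaScript model of the behaviour named in the PR title, exercised with the case the comment above describes (logoutOnInvalidtoken set, user not authenticated, 401 received). `makeResponseInterceptor`, `makeAuth`, `runCase` and the shape of the auth object are hypothetical; only `logoutOnInvalidtoken` comes from the thread.

```javascript
// Stand-in for a response interceptor (hypothetical, not aurelia-authentication's code).
// A value thrown here becomes the promise rejection when the interceptor
// runs inside a fetch promise chain.
function makeResponseInterceptor(config, auth) {
  return function onResponse(response) {
    if (response.status !== 401) {
      return response; // non-401 responses pass through untouched
    }
    // Log out only when the option is on AND there is a session to end.
    if (config.logoutOnInvalidtoken && auth.isAuthenticated()) {
      auth.logout();
    }
    // Either way, the caller receives the 401 response as the rejection value.
    throw response;
  };
}

// Minimal auth double that counts logout() calls (hypothetical shape).
function makeAuth(authenticated) {
  const auth = {
    logoutCalls: 0,
    isAuthenticated: () => authenticated,
    logout: () => { auth.logoutCalls += 1; authenticated = false; }
  };
  return auth;
}

// Runs one scenario against a constructed sample response and reports the outcome.
function runCase(logoutOnInvalidtoken, authenticated, status) {
  const auth = makeAuth(authenticated);
  const intercept = makeResponseInterceptor({ logoutOnInvalidtoken }, auth);
  const response = { status }; // constructed sample, not a real fetch Response
  try {
    const passed = intercept(response);
    return { rejected: false, sameResponse: passed === response, logoutCalls: auth.logoutCalls };
  } catch (rejection) {
    return { rejected: true, sameResponse: rejection === response, logoutCalls: auth.logoutCalls };
  }
}

// The case from the comment: option on, no identity, 401 received.
console.log(runCase(true, false, 401));
```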

RWOverdijk commented 7 years ago

I think this technically qualifies as a major version bump, as the behavior will change. For that reason, I'm less worried about it :)

The commit message however, could you change that? Otherwise, I'll do it for you.

git commit --amend -m 'fix(authentication): prevent logout if there is no identity

BREAKING CHANGE: authentication failures on 401 now return the response in the rejection.'

emilast commented 7 years ago

Check :-)

RWOverdijk commented 7 years ago

Now you just added two commits. I'll fix it :D

RWOverdijk commented 7 years ago

it later today :)

RWOverdijk commented 7 years ago

Merged and added. I'll create a prerelease version for testing. In this, the headers need to be fixed as well before the actual release. Can you live with that? :)

emilast commented 7 years ago

Thanks for fixing :-) Not sure what you mean with "the headers need to be fixed" but there's no rush to get the fix out for me, I added a temporary workaround in my code so I avoid the problem.

RWOverdijk commented 7 years ago

@emilast By headers I mean the content type. We have a bug where, when using refresh tokens, the headers get applied incorrectly. It's something you can work around as a user, but it's still wrong.