VariantEffect / mavedb-ui

MaveDB UI
GNU Affero General Public License v3.0

UI logout on ORCID session expiration #210

Open jstone-uw opened 1 month ago

jstone-uw commented 1 month ago

ORCID tokens have a lifetime of 24 hours and are not renewable. After 24 hours, a logged-in MaveDB user will begin to get error responses to any API requests that check authentication status, even if they do not require authentication.

When this occurs, the UI should detect the change and clear the client-side login status. This will cause the UI to revert to logged-out status.

jstone-uw commented 1 month ago

The approach suggested above has one drawback: If a user has an editing screen open, changes will be lost. This seems acceptable to me given that we're also implementing saving of drafts, so that changes will be saved at intervals during score set creation instead of just once at the end of the process.

jstone-uw commented 1 month ago

The approach I'd suggest is to use hooks into the HTTP client library to catch HTTP 401 or 403 error responses. When such a response is received, the UI can make a request to /users/me or a similar endpoint to check whether the user is still logged in. If the response is again 401 or 403, the UI's session information should be cleared.

To do this, we need to ensure that all API requests are made through the same client library. We currently use Axios for many requests, but newer libraries may be worth considering. Another BBI project that uses Axios has implemented a similar hook (in that case, used for session renewal).
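The interceptor approach described in this comment, written out as an added example (this is illustrative code, not mavedb-ui's own and not the commenter's). It assumes Axios-shaped error objects (`error.response.status`, `error.config`) and that a custom config key such as `skipSessionProbe` survives into `error.config`, which Axios 1.x does; the transport, the session store and every path other than `/users/me` are constructed stand-ins so the logic runs offline. It also covers two edge cases the comment implies but does not spell out: concurrent 401s should trigger a single probe, and the probe's own 401 must not re-enter the interceptor.

```javascript
// Added example: session-expiry handling for an Axios-style HTTP client.
// Not mavedb-ui code. Assumes Axios-shaped errors (`error.response.status`,
// `error.config`); the transport, the store and every path except /users/me
// are constructed stand-ins.

const AUTH_ERROR_STATUSES = new Set([401, 403]);
const SESSION_PROBE_PATH = '/users/me'; // the endpoint named in the issue

function isAuthError(status) {
  return AUTH_ERROR_STATUSES.has(status);
}

// Minimal stand-in for client-side login state (a Vuex/Pinia store in a real
// app). `clearedCount` exists only so the scenarios below can observe it.
function createSessionStore(initialUser) {
  return {
    user: initialUser,
    clearedCount: 0,
    isLoggedIn() { return this.user !== null; },
    clear() { this.user = null; this.clearedCount += 1; },
  };
}

// Build an Axios-style response-error handler. `request(path, config)` returns
// a Promise of `{ status }` and is injected so the logic runs without a network.
// Attach to a real instance with:
//   axios.interceptors.response.use(r => r, makeSessionExpiryHandler(...))
function makeSessionExpiryHandler(request, store) {
  let probeInFlight = null; // concurrent auth failures share one probe
  return async function onResponseError(error) {
    const status = error && error.response ? error.response.status : undefined;
    const isProbe = Boolean(error && error.config && error.config.skipSessionProbe);
    // Pass through non-auth errors, errors raised by the probe itself (this
    // prevents an infinite probe loop) and errors for an already logged-out user.
    if (isProbe || !isAuthError(status) || !store.isLoggedIn()) {
      throw error;
    }
    if (!probeInFlight) {
      probeInFlight = request(SESSION_PROBE_PATH, { skipSessionProbe: true })
        .then(res => res.status, err => (err.response ? err.response.status : 0))
        .finally(() => { probeInFlight = null; });
    }
    const probeStatus = await probeInFlight;
    // Only a second 401/403 proves the session is gone. A network failure
    // (status 0 here) or a resource-specific 403 leaves the login state alone.
    if (isAuthError(probeStatus) && store.isLoggedIn()) {
      store.clear();
    }
    throw error; // the original caller still sees its request fail
  };
}

// Constructed fake transport: each path returns a fixed status, and calls are
// recorded so the scenarios can count probes.
function fakeTransport(statusByPath) {
  const request = (path, config) => {
    request.calls.push(path);
    const response = { status: statusByPath[path], config: config || {} };
    return response.status >= 400
      ? Promise.reject({ response, config: response.config })
      : Promise.resolve(response);
  };
  request.calls = [];
  return request;
}

function setupScenario(statusByPath) {
  const store = createSessionStore({ orcid: 'constructed-orcid-id' }); // constructed
  const request = fakeTransport(statusByPath);
  const onError = makeSessionExpiryHandler(request, store);
  const call = path => request(path).catch(onError).catch(() => 'rejected');
  return { store, request, onError, call };
}

// Expired token: two requests fail at once, exactly one probe runs, one logout.
async function simulateExpiredSession() {
  const s = setupScenario({ '/score-sets': 401, [SESSION_PROBE_PATH]: 401 });
  const outcomes = await Promise.all([s.call('/score-sets'), s.call('/score-sets')]);
  return {
    loggedIn: s.store.isLoggedIn(),
    clearedCount: s.store.clearedCount,
    probeCount: s.request.calls.filter(p => p === SESSION_PROBE_PATH).length,
    outcomes,
  };
}

// A 403 on one resource while the session is still valid must not log the user out.
async function simulateForbiddenResource() {
  const s = setupScenario({ '/score-sets/private': 403, [SESSION_PROBE_PATH]: 200 });
  const outcome = await s.call('/score-sets/private');
  return { loggedIn: s.store.isLoggedIn(), clearedCount: s.store.clearedCount, outcome };
}

// An auth error that carries the probe flag is passed straight through.
async function simulateProbeRecursionGuard() {
  const s = setupScenario({ [SESSION_PROBE_PATH]: 401 });
  const probeError = { response: { status: 401 }, config: { skipSessionProbe: true } };
  const outcome = await s.onError(probeError).then(() => 'resolved', () => 'rejected');
  return { loggedIn: s.store.isLoggedIn(), probeCount: s.request.calls.length, outcome };
}

if (typeof require !== 'undefined' && require.main === module) {
  Promise.all([simulateExpiredSession(), simulateForbiddenResource(), simulateProbeRecursionGuard()])
    .then(results => console.log(JSON.stringify(results, null, 2)));
}
```

Two design points worth keeping when porting this onto a real Axios instance: the probe is sent with a config flag that the handler checks first, so the probe's own 401 cannot recurse into another probe; and the handler rethrows the original error after clearing the store, so the component that issued the request still gets its failure and can show an error rather than silently succeeding. A probe that fails for network reasons is deliberately treated as inconclusive, since an offline user should not be logged out.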