If the request to refresh the access token fails, we try to redirect to login. However, this doesn't drop the existing session cookies so the request gets stuck in loop trying and failing to refresh the token, then redirecting to /login.
This PR changes the middleware to end the session, but doesn't try to reinitiate a login. I tested this by lowering the access token lifespan to 1 minute, invalidating the session in Keycloak, and waiting for a refresh to happen.
Likely there could be some better UX here, see #167 and likely #165 would be helpful.
If the request to refresh the access token fails, we try to redirect to login. However, this doesn't drop the existing session cookies so the request gets stuck in loop trying and failing to refresh the token, then redirecting to
/login.This PR changes the middleware to end the session, but doesn't try to reinitiate a login. I tested this by lowering the access token lifespan to 1 minute, invalidating the session in Keycloak, and waiting for a refresh to happen.
Likely there could be some better UX here, see #167 and likely #165 would be helpful.