bhudgens
commented
6 years ago - When a user is met with a hard 403 it adds confusion to the user experience. Allow the login app to handle this condition in a way that makes sense for the business. Instead of a hard 403 we pass along a header that lets the app decide if it wants to 403 or re-login the user. We still do not allow the user to access the page by setting the token to nil