TT-7429 handle token expired when starting apm

[sarahentzel]

No description provided.

[Copilot]

Pull request overview

This PR improves handling of expired/invalid online sessions during app startup and Orbit sync by centralizing “unauthorized (401)” behavior and making logout/session invalidation more consistent across Electron and web.

Changes:

• Adds invalidateOnlineSession() to the token context and uses it when Orbit encounters 401 responses.
• Updates startup/auth routes (Loading, Access, Logout) to better recover from cleared/expired sessions and prompt re-login.
• Adds error handling around Orbit initialization to avoid unhandled promise rejections.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/renderer/src/store/orbit/actions.tsx	Adds safer status handling and a catch path when building Orbit sources.
src/renderer/src/Sources.tsx	Centralizes 401 detection and triggers session invalidation + queue clearing on unauthorized Orbit requests.
src/renderer/src/routes/Logout.tsx	Simplifies web logout flow to always clear local token state and call Auth0 logout.
src/renderer/src/routes/Loading.tsx	Introduces auth-failure handling during initial remote load and adds an auth check effect.
src/renderer/src/routes/Access.tsx	Improves re-login behavior when Auth0 state and local token state diverge; adds Electron auto-relogin guard.
src/renderer/src/context/TokenProvider.tsx	Adds invalidateOnlineSession() and refactors token-expiration/logout flow + dialog rendering.

Comments suppressed due to low confidence (1)

src/renderer/src/context/TokenProvider.tsx:235

• handleClose sets view.current = 'Logout' and relies on a later render-time check to call handleLogOut(). This is brittle and is what leads to a state update during render (see below). It’s safer to perform the logout side-effect directly inside the event handler when the user chooses logout.

  const handleClose = (value: number) => {
    setModalOpen(false);
    if (value < 0) {
      view.current = 'Logout';
    } else {
      resetExpiresAt();

[gtryus]

It's hard to wrap my mind around all the scenarios but I tried to think of a couple edge cases that may need to be thought through. I recommended we leave out clearing the orbit remote queue unless we are sure that we shouldn't be doing the updates it contains.

[gtryus]

Won't this break orbit's ability to recover when it goes back online?

[gtryus]

I think it makes sense to clear the queue when there is an unauthorized login attempt but I guess if it has been sitting overnight with no Internet and then Internet comes back, we would want it to sync anything that was waiting when the Internet disappeared.

[sarahentzel]

except the retries don't use the new token so they will never succeed

[Copilot]

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

src/renderer/src/Sources.tsx:175

• queryError returns remote.requestQueue.retry (a function reference) instead of calling it. This prevents the failed request from being retried and can cause the failing remote.query(...) to reject upward (e.g., during startup user fetch).

      orbitError(ex as IApiError);
      //signal to datachanges that we've had a network error
      setOrbitRetries(OrbitNetworkErrorRetries - 1);
    }
    return remote.requestQueue.retry;
  };