57e1cf86a9
If the client thinks it has a valid token (i.e. if the token was set on another umbraco instance or it has expired on the server or been revoked), it will still try and use it. The first authenticated request will then return a 401 prompting the client to show the "time out" screen. This is not entirely correct, as the user might simply expect to see the login screen directly. This PR aims to introduce a simple server request to validate the token if one is present. We do this by trying to exchange the stored refresh_token to an access_token only on the first load. This has two benefits: 1. We let the server tell us directly if it thinks the stored token is useful. 2. We get a freshly minted access_token that is now valid for the configured timeout period and wont accidentally expire during the next 2 seconds thereby prompting the "time out" screen anyway.