Handle invalidated application keys after auth failures

src/api/auth.js

@@ -67,6 +67,7 @@ export async function logout(store) {
           application: TRYTON_APPLICATION,
         },
         includeKitchen: false,
+        skipAuthFailureHandler: true,
       });
     }
   } finally {

src/api/client.js

@@ -183,6 +183,32 @@ function logApiFailure(message, context) {
   console.error(message, context);
 }
 
+function isAuthErrorStatus(status) {
+  return status === 401 || status === 403;
+}
+
+function isKitchensPath(path) {
+  return String(path || '').replace(/^\/+/, '').replace(/\/+$/, '') === API_PATHS.kitchens;
+}
+
+function shouldInvalidateValidatedSession(store, path, options = {}) {
+  if (options.skipAuthFailureHandler) {
+    return false;
+  }
+
+  if (!store.session?.applicationKey || !store.session?.hasValidated) {
+    return false;
+  }
+
+  return (
+    isKitchensPath(path) ||
+    options.includeKitchen !== false ||
+    path === API_PATHS.items ||
+    path === API_PATHS.locations ||
+    String(path || '').startsWith(`${API_PATHS.items}/`)
+  );
+}
+
 export async function apiRequest(store, path, options = {}) {
   const { config, session, activeKitchen } = store;
 
@@ -240,6 +266,9 @@ export async function apiRequest(store, path, options = {}) {
       method,
       error,
     });
+    if (shouldInvalidateValidatedSession(store, path, options)) {
+      window.__loncApp?.handleAuthFailure?.(networkError);
+    }
     throw networkError;
   }
 
@@ -252,6 +281,15 @@ export async function apiRequest(store, path, options = {}) {
       status: response.status,
       payload,
     });
+    if (
+      isAuthErrorStatus(response.status) &&
+      (
+        shouldInvalidateValidatedSession(store, path, options) ||
+        (store.session?.state === 'connected' && response.status === 403 && isKitchensPath(path))
+      )
+    ) {
+      window.__loncApp?.handleAuthFailure?.(apiError);
+    }
     throw apiError;
   }