fix: automatically clear auth token if refresh token is invalid

[vvagaytsev]

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

[stefreak]

Can we also determine the token validity using the response status code?

Suggested change

	if (err.message.toLowerCase().includes("invalid refresh token")) {
	if (err.statusCode >= 400 && err.statusCode < 500) {

[stefreak]

Maybe we should even test for 401 explicitly

[stefreak]

If we ever migrate to other kinds of tokens that need to be decoded, e.g. JWT tokens then we should also delete the token on 400 response though, so I think 400 <= code < 500 is fine

[vvagaytsev]

Backend V2 did not return any status code for invalid token.

[stefreak]

We need to change the backend in that case, to make sure that it will emit correct status code in this case then. Maybe @hph can support you on this?

[hph]

The error returned is UNAUTHORIZED, which should map to 401. This status code is available in the httpStatus property, at least when using the frontend client, but I think it should be the same in core. Reference (see error shape above the linked table)

[vvagaytsev]

I double-check that and did not see the status code in the TRPCClientError instance. The data property (that should contain httpStatus) was undefined, I'm not sure why.

[vvagaytsev]

I found the original error code deep inside the error object.

[stefreak]

Is it maybe helpful to infer the specific error shape for the router? See also https://trpc.io/docs/client/vanilla/infer-types#infer-trpcclienterror-types

[vvagaytsev]

I did it in feaa8d2 - we need the nested cause there. Not sure why the error is wrapped in such a way,