Front End Error message on Refresh Token Expiry #3679

Open
4 tasks done
lantern-sam opened this issue Mar 20, 2025 · 0 comments

Checklist

  • I've searched the issue queue to verify this is not a duplicate bug report.
  • I've included steps to reproduce the bug.
  • I've pasted the output of kargo version.
  • I've pasted logs, if applicable.

Description

Currently, when I log into Kargo, after 24 hours it will be unable to refresh the token, as by default there is a 24-hour limit on refresh tokens in Entra. That is not a problem; however, when this happens there is quite a large / nasty-looking error message that appears on the sign-in page giving details of this.

This appears in the network tab as a 400 error to the /token endpoint which seems common when trying to use an expired refresh token.

If possible, it would be good to check the refresh token before using it and return to the login screen gracefully with a "Your token has expired" error (or no error at all).

Else, it would be nice to suppress this error in some way, either giving just the error summary or a "Something went wrong" in the FE whilst the proper error message would be available in the network logs.

Screenshots

Image

Steps to Reproduce

Using Entra as an OIDC provider.
oidc values:

oidc:
  enabled: true
  issuerURL: https://login.microsoftonline.com/{tenantID}/v2.0
  clientID: {clientID}
  additionalScopes: []
  admins:
    claims:
      email:
        - [email protected]

Open Kargo, log in successfully, wait 24 hours, re-open Kargo.

Version

Kargo V1.3.1

Logs

Status: 400
Error: invalid_grant
Error Description: AADSTS700084: The refresh token was issued to a single page app (SPA) and therefore has a fixed, limited lifetime of 1.00:00:00 which cannot be extended. It is now expired and a new sign in request must be sent by the SPA to the sign in page. 

I can try and provide the full network error if needed; I forgot to save it and I need to wait 24 hours before I can get it back!
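
One way a single-page client could handle the behaviour requested above, as an added example that is not part of the original issue and not Kargo's code: a failed refresh-token grant is classified so that `invalid_grant` sends the user back to sign-in with a short message, while the provider's `error_description` stays in the developer console. The function names, messages and return shape are hypothetical; the `error` / `error_description` fields are the standard OAuth 2.0 token error response (RFC 6749, section 5.2).

```javascript
// Added example; function and field names are hypothetical, not Kargo's code.
// Error body shape (error, error_description) follows RFC 6749 section 5.2.

// Constructed sample based on the log lines in this issue.
const SAMPLE_EXPIRED = {
  status: 400,
  body: {
    error: 'invalid_grant',
    error_description: 'AADSTS700084: The refresh token was issued to a single page app (SPA) ...',
  },
};

// Decide what the UI does with a failed /token call. The provider's
// error_description goes to logDetail only and is never rendered.
function classifyTokenError(status, body) {
  const code = body && typeof body.error === 'string' ? body.error : 'unknown_error';
  const expired = status === 400 && code === 'invalid_grant';
  return {
    action: expired ? 'redirect_to_login' : 'show_error',
    userMessage: expired
      ? 'Your session has expired. Please sign in again.'
      : 'Something went wrong while signing in.',
    logDetail: { status, code, description: (body && body.error_description) || null },
  };
}

// Refresh-token grant; fetchImpl is injectable so the logic can be tested offline.
async function refreshTokens(tokenEndpoint, clientId, refreshToken, fetchImpl = fetch) {
  const res = await fetchImpl(tokenEndpoint, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'refresh_token',
      client_id: clientId,
      refresh_token: refreshToken,
    }),
  });
  let body = null;
  try {
    body = await res.json();
  } catch {
    // Non-JSON error body: fall through to the generic message.
  }
  if (res.ok) return { action: 'use_tokens', tokens: body };
  const outcome = classifyTokenError(res.status, body);
  console.debug('token refresh failed', outcome.logDetail); // developer tools only
  return outcome;
}
```

`invalid_grant` also covers revoked or otherwise invalid refresh tokens, so the same redirect applies to those cases.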
