So my Angular app was running smoothly for a while, until I enabled guest access to certain services. Then I noticed that when my logged-in user’s session expired, the Angular client which performed API requests would now get 403 Forbidden responses instead of 401 Not Authorized. This is because the DSP auto-downgraded my logged-in user to a guest user, tried to perform the request, and then returned a 403.
Now I am unable to differentiate between a genuine 403 Forbidden (when the user’s session IS valid, but the user is trying to do something forbidden) and a 401 (when the user’s session is simply expired). It is important for me to distinguish between the two responses, because the former indicates a bug or hacking behaviour, while the latter is mundane. It is not useful to get a 403 for both cases.
Is there a way to perform requests while disabling auto-downgrade to the guest role? Or maybe a way to test if the current session is a guest session? Or maybe a way to find out if the current session is merely expired, not a guest session?