When using the UI, after a token expires, all permission-checking requests return a 403 Forbidden error due to an expired or missing token, and the user cannot use the UI until they log in again. When the anonymous ACL policy grants at least read access, this means that a user with an expired token in their browser cookies has fewer permissions than a user with no token.
This leads to general annoyance, since a user must log in again to see anything in the UI after their token expires. It can also cause deeper issues, as someone who has their login access removed cannot get a new token, but is instead stuck with a token that blocks all access (and there's no way to clear the bad token from the UI; it has to be deleted from browser settings).
Ideally, a user with an expired token would have the same permissions as a user with no token (i.e. the anonymous ACL policy), or their token would be automatically cleared from the browser after expiration.
This indeed creates issues and anyone monitoring for errors in the Nomad Client(s) logs will see/alert on those, which is my case. The errors are also not very clear as you need to enable DEBUG log level to see what caused the "Permission Denied" error. Is there any workaround for this?
Nomad version
Nomad 1.8.3
Operating system and Environment details
Linux (server), Mac OS/Chrome (client)
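One way a browser client could implement the fallback the issue asks for (clear an expired token and continue as anonymous), as an added example that is not Nomad UI code. `tokenStore`, `selectToken`, `requestWithFallback` and `makeStore` are hypothetical names; the sketch assumes the client recorded the token's `ExpirationTime` at login and sends the secret in the `X-Nomad-Token` header.

```javascript
// Added example. tokenStore, selectToken and requestWithFallback are hypothetical names.
// A stored token is { secret, expirationTime }: expirationTime is an ISO-8601
// string copied from the token's ExpirationTime, or null when it never expires.

function isExpired(token, nowMs) {
  if (!token || !token.expirationTime) return false;
  const expiresAt = Date.parse(token.expirationTime);
  // An unparseable expiry counts as expired: fall back to anonymous rather
  // than keep sending a credential whose lifetime is unknown.
  return Number.isNaN(expiresAt) || expiresAt <= nowMs;
}

// Returns the secret to send, or null for an anonymous request.
// An expired token is cleared from the store as a side effect.
function selectToken(tokenStore, nowMs) {
  const token = tokenStore.get();
  if (!token) return null;
  if (isExpired(token, nowMs)) {
    tokenStore.clear();
    return null;
  }
  return token.secret;
}

// fetchFn has the shape of window.fetch; now() returns epoch milliseconds.
async function requestWithFallback(tokenStore, url, fetchFn, now = Date.now) {
  const send = (secret) =>
    fetchFn(url, { headers: secret ? { 'X-Nomad-Token': secret } : {} });
  const secret = selectToken(tokenStore, now());
  let res = await send(secret);
  // 403 with a token that expired while the request was in flight: clear it
  // and retry once anonymously. A 403 with a still-valid token is a real
  // denial and is returned unchanged, with the token kept.
  if (res.status === 403 && secret && selectToken(tokenStore, now()) === null) {
    res = await send(null);
  }
  return res;
}

// In-memory stand-in for the browser's token storage (constructed for the example).
function makeStore(initial) {
  let token = initial;
  return { get: () => token, clear: () => { token = null; } };
}
```

The retry is limited to the expired case so that a revoked or under-privileged but unexpired token still surfaces its 403 instead of silently downgrading to the anonymous policy.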