Access not authorised

[nelsonic]

Was signed in with Google and tracking an item.
Decided to add a new item but got the "Access not authorised" error:

[SimonLab]

The environment variable SECRET_KEY_BASE has recently been updated on auth-mvp to be able to have the email feature working.
This environment variable is also used to create and verify the jwt used for users authentication.
I'm wondering if this "Access not authorised" is due to this change.
I'll try to reproduce this error using the heroku application

[SimonLab]

With the latest PR merged #46 this issue is avoid as when the user is not logged in the application will redirect to the login page, however when the user is loggedin the login page redirect to the capture page.
We saw that when the page return unauthrorised we can just refresh the page to make it work again. It's what the capture -> login -> capture flow is doing.

It is not really a long term fix but I think this will be resolved as soon as the dyno plan on heroku is upgraded.

edit:
In fact this should not happen. If the API returned unauthorized, this means that the jwt is not valid anymore. We still need to redirect to the login page, however we first need to update the session model of the application and make sure to logout and set the session as guest