feat(no-auth): setup interceptor and ui hiding for no auth mode

frontend/src/AppRoutes/__tests__/Private.test.tsx

@@ -165,6 +165,8 @@ function createMockAppContext(
 		orgPreferences: createMockOrgPreferences(),
 		userPreferences: [],
 		isLoggedIn: true,
+		isNoAuthMode: false,
+		isPreflightLoading: false,
 		org: [{ createdAt: 0, id: 'org-id', displayName: 'Test Org' }],
 		isFetchingUser: false,
 		isFetchingActiveLicense: false,

frontend/src/AppRoutes/index.tsx

@@ -58,6 +58,7 @@ function App(): JSX.Element {
 		isLoggedIn: isLoggedInState,
 		featureFlags,
 		org,
+		isPreflightLoading,
 	} = useAppContext();
 	const [routes, setRoutes] = useState<AppRoutes[]>(defaultRoutes);
 
@@ -350,6 +351,10 @@ function App(): JSX.Element {
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [isCloudUser, isEnterpriseSelfHostedUser]);
 
+	if (isPreflightLoading) {
+		return <Spinner tip="Loading..." />;
+	}
+
 	// if the user is in logged in state
 	if (isLoggedInState) {
 		// if the setup calls are loading then return a spinner

frontend/src/api/__tests__/interceptorRejected.no-auth.test.ts

@@ -0,0 +1,69 @@
+import axios from 'axios';
+import { LOCALSTORAGE } from 'constants/localStorage';
+
+import { interceptorRejected } from '../index';
+
+jest.mock('api/v2/sessions/rotate/post', () => ({
+	__esModule: true,
+	default: jest.fn(),
+}));
+
+jest.mock('AppRoutes/utils', () => ({
+	__esModule: true,
+	default: jest.fn(),
+}));
+
+jest.mock('../utils', () => ({
+	Logout: jest.fn(),
+}));
+
+// oxlint-disable-next-line typescript/no-require-imports typescript/no-var-requires
+const post = require('api/v2/sessions/rotate/post').default;
+// oxlint-disable-next-line typescript/no-require-imports typescript/no-var-requires
+const { Logout } = require('../utils');
+
+describe('interceptorRejected — no-auth mode', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		localStorage.clear();
+		jest.spyOn(axios, 'isAxiosError').mockReturnValue(true);
+	});
+
+	it('does NOT call rotate or Logout when IS_NO_AUTH_MODE=true on 401', async () => {
+		localStorage.setItem(LOCALSTORAGE.IS_NO_AUTH_MODE, 'true');
+
+		const error = {
+			isAxiosError: true,
+			response: {
+				status: 401,
+				config: { url: '/dashboards', method: 'get' },
+			},
+			config: { url: '/dashboards', headers: {} },
+		};
+
+		await interceptorRejected(error as any).catch(() => {});
+
+		expect(post).not.toHaveBeenCalled();
+		expect(Logout).not.toHaveBeenCalled();
+	});
+
+	it('DOES attempt rotate when IS_NO_AUTH_MODE=false on 401', async () => {
+		localStorage.setItem(LOCALSTORAGE.IS_NO_AUTH_MODE, 'false');
+		(post as jest.Mock).mockResolvedValue({
+			data: { accessToken: 'a', refreshToken: 'b' },
+		});
+
+		const error = {
+			isAxiosError: true,
+			response: {
+				status: 401,
+				config: { url: '/dashboards', method: 'get' },
+			},
+			config: { url: '/dashboards', headers: {} },
+		};
+
+		await interceptorRejected(error as any).catch(() => {});
+
+		expect(post).toHaveBeenCalled();
+	});
+});

frontend/src/api/index.ts

@@ -108,7 +108,11 @@ export const interceptorRejected = async (
 		if (axios.isAxiosError(value) && value.response) {
 			const { response } = value;
 
+			const isNoAuthMode =
+				getLocalStorageApi(LOCALSTORAGE.IS_NO_AUTH_MODE) === 'true';
+
 			if (
+				!isNoAuthMode &&
 				response.status === 401 &&
 				// if the session rotate call or the create session errors out with 401 or the delete sessions call returns 401 then we do not retry!
 				response.config.url !== '/sessions/rotate' &&
@@ -140,16 +144,20 @@ export const interceptorRejected = async (
 						return await Promise.resolve(reResponse);
 					} catch (error) {
 						if ((error as AxiosError)?.response?.status === 401) {
-							Logout();
+							void Logout();
 						}
 					}
 				} catch (error) {
-					Logout();
+					void Logout();
 				}
 			}
 
-			if (response.status === 401 && response.config.url === '/sessions/rotate') {
-				Logout();
+			if (
+				!isNoAuthMode &&
+				response.status === 401 &&
+				response.config.url === '/sessions/rotate'
+			) {
+				void Logout();
 			}
 		}
 		return await Promise.reject(value);

frontend/src/constants/localStorage.ts

@@ -39,4 +39,5 @@ export enum LOCALSTORAGE {
 	DISMISSED_API_KEYS_DEPRECATION_BANNER = 'DISMISSED_API_KEYS_DEPRECATION_BANNER',
 	LICENSE_KEY_CALLOUT_DISMISSED = 'LICENSE_KEY_CALLOUT_DISMISSED',
 	DASHBOARD_PREFERENCES = 'DASHBOARD_PREFERENCES',
+	IS_NO_AUTH_MODE = 'IS_NO_AUTH_MODE',
 }

frontend/src/container/MembersSettings/MembersSettings.tsx

@@ -9,6 +9,7 @@ import EditMemberDrawer from 'components/EditMemberDrawer/EditMemberDrawer';
 import InviteMembersModal from 'components/InviteMembersModal/InviteMembersModal';
 import MembersTable, { MemberRow } from 'components/MembersTable/MembersTable';
 import useUrlQuery from 'hooks/useUrlQuery';
+import { useAppContext } from 'providers/App/App';
 import { toISOString } from 'utils/app';
 
 import { FilterMode, MemberStatus, toMemberStatus } from './utils';
@@ -20,6 +21,7 @@ const PAGE_SIZE = 20;
 function MembersSettings(): JSX.Element {
 	const history = useHistory();
 	const urlQuery = useUrlQuery();
+	const { isNoAuthMode } = useAppContext();
 
 	const pageParam = parseInt(urlQuery.get('page') ?? '1', 10);
 	const currentPage = Number.isNaN(pageParam) || pageParam < 1 ? 1 : pageParam;
@@ -145,7 +147,7 @@ function MembersSettings(): JSX.Element {
 				: `Deleted ⎯ ${deletedCount}`;
 
 	const handleInviteComplete = useCallback((): void => {
-		refetchUsers();
+		void refetchUsers();
 	}, [refetchUsers]);
 
 	const handleRowClick = useCallback((member: MemberRow): void => {
@@ -157,7 +159,7 @@ function MembersSettings(): JSX.Element {
 	}, []);
 
 	const handleMemberEditComplete = useCallback((): void => {
-		refetchUsers();
+		void refetchUsers();
 	}, [refetchUsers]);
 
 	return (
@@ -200,14 +202,16 @@ function MembersSettings(): JSX.Element {
 						/>
 					</div>
 
-					<Button
-						variant="solid"
-						color="primary"
-						onClick={(): void => setIsInviteModalOpen(true)}
-					>
-						<Plus size={12} />
-						Invite member
-					</Button>
+					{!isNoAuthMode && (
+						<Button
+							variant="solid"
+							color="primary"
+							onClick={(): void => setIsInviteModalOpen(true)}
+						>
+							<Plus size={12} />
+							Invite member
+						</Button>
+					)}
 				</div>
 			</div>
 			<MembersTable
@@ -221,11 +225,13 @@ function MembersSettings(): JSX.Element {
 				onRowClick={handleRowClick}
 			/>
 
-			<InviteMembersModal
-				open={isInviteModalOpen}
-				onClose={(): void => setIsInviteModalOpen(false)}
-				onComplete={handleInviteComplete}
-			/>
+			{!isNoAuthMode && (
+				<InviteMembersModal
+					open={isInviteModalOpen}
+					onClose={(): void => setIsInviteModalOpen(false)}
+					onComplete={handleInviteComplete}
+				/>
+			)}
 
 			<EditMemberDrawer
 				member={selectedMember}

frontend/src/container/MySettings/UserInfo/index.tsx

@@ -15,7 +15,7 @@ import '../MySettings.styles.scss';
 import './UserInfo.styles.scss';
 
 function UserInfo(): JSX.Element {
-	const { user, org, updateUser } = useAppContext();
+	const { user, org, updateUser, isNoAuthMode } = useAppContext();
 	const { t } = useTranslation(['routes', 'settings', 'common']);
 
 	const { notifications } = useNotifications();
@@ -79,10 +79,10 @@ function UserInfo(): JSX.Element {
 		currentPassword === updatePassword;
 
 	const onSaveHandler = async (): Promise<void> => {
-		logEvent('Account Settings: Name Updated', {
+		void logEvent('Account Settings: Name Updated', {
 			name: changedName,
 		});
-		logEvent(
+		void logEvent(
 			'Account Settings: Name Updated',
 			{
 				name: changedName,
@@ -143,14 +143,16 @@ function UserInfo(): JSX.Element {
 					Update name
 				</Button>
 
-				<Button
-					type="default"
-					className="periscope-btn secondary"
-					icon={<FileTerminal size={16} />}
-					onClick={(): void => setIsResetPasswordModalOpen(true)}
-				>
-					Reset password
-				</Button>
+				{!isNoAuthMode && (
+					<Button
+						type="default"
+						className="periscope-btn secondary"
+						icon={<FileTerminal size={16} />}
+						onClick={(): void => setIsResetPasswordModalOpen(true)}
+					>
+						Reset password
+					</Button>
+				)}
 			</div>
 
 			<Modal
@@ -182,62 +184,64 @@ function UserInfo(): JSX.Element {
 				</div>
 			</Modal>
 
-			<Modal
-				className="reset-password-modal"
-				title={<span className="title">Reset password</span>}
-				open={isResetPasswordModalOpen}
-				closable
-				onCancel={hideResetPasswordModal}
-				footer={[
-					<Button
-						key="submit"
-						className={`periscope-btn ${
-							isResetPasswordDisabled ? 'secondary' : 'primary'
-						}`}
-						icon={<Check size={16} />}
-						onClick={onChangePasswordClickHandler}
-						disabled={isLoading || isResetPasswordDisabled}
-						data-testid="reset-password-btn"
-					>
-						Reset password
-					</Button>,
-				]}
-			>
-				<div className="reset-password-container">
-					<div className="current-password-input">
-						<Typography.Text>Current password</Typography.Text>
-						<Input.Password
-							data-testid="current-password-textbox"
-							disabled={isLoading}
-							placeholder={defaultPlaceHolder}
-							onChange={(event): void => {
-								setCurrentPassword(event.target.value);
-							}}
-							value={currentPassword}
-							type="password"
-							autoComplete="off"
-							visibilityToggle
-						/>
-					</div>
+			{!isNoAuthMode && (
+				<Modal
+					className="reset-password-modal"
+					title={<span className="title">Reset password</span>}
+					open={isResetPasswordModalOpen}
+					closable
+					onCancel={hideResetPasswordModal}
+					footer={[
+						<Button
+							key="submit"
+							className={`periscope-btn ${
+								isResetPasswordDisabled ? 'secondary' : 'primary'
+							}`}
+							icon={<Check size={16} />}
+							onClick={onChangePasswordClickHandler}
+							disabled={isLoading || isResetPasswordDisabled}
+							data-testid="reset-password-btn"
+						>
+							Reset password
+						</Button>,
+					]}
+				>
+					<div className="reset-password-container">
+						<div className="current-password-input">
+							<Typography.Text>Current password</Typography.Text>
+							<Input.Password
+								data-testid="current-password-textbox"
+								disabled={isLoading}
+								placeholder={defaultPlaceHolder}
+								onChange={(event): void => {
+									setCurrentPassword(event.target.value);
+								}}
+								value={currentPassword}
+								type="password"
+								autoComplete="off"
+								visibilityToggle
+							/>
+						</div>
 
-					<div className="new-password-input">
-						<Typography.Text>New password</Typography.Text>
-						<Input.Password
-							data-testid="new-password-textbox"
-							disabled={isLoading}
-							placeholder={defaultPlaceHolder}
-							onChange={(event): void => {
-								const updatedValue = event.target.value;
-								setUpdatePassword(updatedValue);
-							}}
-							value={updatePassword}
-							type="password"
-							autoComplete="off"
-							visibilityToggle={false}
-						/>
+						<div className="new-password-input">
+							<Typography.Text>New password</Typography.Text>
+							<Input.Password
+								data-testid="new-password-textbox"
+								disabled={isLoading}
+								placeholder={defaultPlaceHolder}
+								onChange={(event): void => {
+									const updatedValue = event.target.value;
+									setUpdatePassword(updatedValue);
+								}}
+								value={updatePassword}
+								type="password"
+								autoComplete="off"
+								visibilityToggle={false}
+							/>
+						</div>
 					</div>
-				</div>
-			</Modal>
+				</Modal>
+			)}
 		</div>
 	);
 }

frontend/src/container/RoutingPolicies/__tests__/testUtils.ts

@@ -100,6 +100,8 @@ export function getAppContextMockState(
 		orgPreferences: null,
 		userPreferences: null,
 		isLoggedIn: false,
+		isNoAuthMode: false,
+		isPreflightLoading: false,
 		org: null,
 		isFetchingUser: false,
 		isFetchingActiveLicense: false,

frontend/src/container/SideNav/SideNav.tsx

@@ -131,6 +131,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		featureFlags,
 		trialInfo,
 		isLoggedIn,
+		isNoAuthMode,
 		userPreferences,
 		changelog,
 		toggleChangelogModal,
@@ -401,7 +402,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 	);
 
 	const handleReorderShortcutNavItems = (): void => {
-		logEvent('Sidebar V2: Save shortcuts clicked', {
+		void logEvent('Sidebar V2: Save shortcuts clicked', {
 			shortcuts: tempPinnedMenuItems.map((item) => item.key),
 		});
 		setPinnedMenuItems(tempPinnedMenuItems);
@@ -429,7 +430,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 	const isWorkspaceBlocked = trialInfo?.workSpaceBlock || false;
 
 	const onClickGetStarted = (event: MouseEvent): void => {
-		logEvent('Sidebar: Menu clicked', {
+		void logEvent('Sidebar: Menu clicked', {
 			menuRoute: '/get-started',
 			menuLabel: 'Get Started',
 		});
@@ -482,12 +483,14 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 				isWorkspaceBlocked,
 				isEnterpriseSelfHostedUser,
 				isCommunityEnterpriseUser,
+				isNoAuthMode,
 			}),
 		[
 			isEnterpriseSelfHostedUser,
 			isCommunityEnterpriseUser,
 			user.email,
 			isWorkspaceBlocked,
+			isNoAuthMode,
 		],
 	);
 
@@ -509,7 +512,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 	]);
 
 	useEffect(() => {
-		if (!isAdmin) {
+		if (!isAdmin || isNoAuthMode) {
 			setHelpSupportDropdownMenuItems((prevState) =>
 				prevState.filter(
 					(item) => !('key' in item) || item.key !== 'invite-collaborators',
@@ -600,6 +603,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [
 		isAdmin,
+		isNoAuthMode,
 		isChatSupportEnabled,
 		isPremiumSupportEnabled,
 		isCloudUser,
@@ -628,7 +632,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		} else if (item) {
 			onClickHandler(item?.key as string, event);
 		}
-		logEvent('Sidebar V2: Menu clicked', {
+		void logEvent('Sidebar V2: Menu clicked', {
 			menuRoute: item?.key,
 			menuLabel: item?.label,
 		});
@@ -771,7 +775,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 					onTogglePin={
 						allowPin
 							? (item): void => {
-									logEvent(
+									void logEvent(
 										`Sidebar V2: Menu item ${item.isPinned ? 'unpinned' : 'pinned'}`,
 										{
 											menuRoute: item.key,
@@ -818,7 +822,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		const event = (info as SidebarItem & { domEvent?: MouseEvent }).domEvent;
 
 		if (item && !('type' in item)) {
-			logEvent('Help Popover: Item clicked', {
+			void logEvent('Help Popover: Item clicked', {
 				menuRoute: item.key,
 				menuLabel: String(item.label),
 			});
@@ -867,7 +871,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 			menuLabel = item.label;
 		}
 
-		logEvent('Settings Popover: Item clicked', {
+		void logEvent('Settings Popover: Item clicked', {
 			menuRoute: item?.key,
 			menuLabel,
 		});
@@ -904,7 +908,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 				}
 				break;
 			case 'logout':
-				Logout();
+				void Logout();
 				break;
 			default:
 		}
@@ -1058,7 +1062,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 													<div
 														className="nav-section-title-icon reorder"
 														onClick={(): void => {
-															logEvent('Sidebar V2: Manage shortcuts clicked', {});
+															void logEvent('Sidebar V2: Manage shortcuts clicked', {});
 															setIsReorderShortcutNavItemsModalOpen(true);
 														}}
 													>
@@ -1105,7 +1109,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 													return;
 												}
 												const newCollapsedState = !isMoreMenuCollapsed;
-												logEvent('Sidebar V2: More menu clicked', {
+												void logEvent('Sidebar V2: More menu clicked', {
 													action: isMoreMenuCollapsed ? 'expand' : 'collapse',
 												});
 												setIsMoreMenuCollapsed(newCollapsedState);
@@ -1209,14 +1213,14 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 				open={isReorderShortcutNavItemsModalOpen}
 				closable
 				onCancel={(): void => {
-					logEvent('Sidebar V2: Manage shortcuts dismissed', {});
+					void logEvent('Sidebar V2: Manage shortcuts dismissed', {});
 					hideReorderShortcutNavItemsModal();
 				}}
 				footer={[
 					<Button
 						key="cancel"
 						onClick={(): void => {
-							logEvent('Sidebar V2: Manage shortcuts dismissed', {});
+							void logEvent('Sidebar V2: Manage shortcuts dismissed', {});
 							hideReorderShortcutNavItemsModal();
 						}}
 						className="periscope-btn cancel-btn secondary-btn"

frontend/src/container/SideNav/__tests__/menuItems.test.tsx

@@ -5,6 +5,7 @@ const BASE_PARAMS = {
 	isWorkspaceBlocked: false,
 	isEnterpriseSelfHostedUser: false,
 	isCommunityEnterpriseUser: false,
+	isNoAuthMode: false,
 };
 
 describe('getUserSettingsDropdownMenuItems', () => {
@@ -71,4 +72,15 @@ describe('getUserSettingsDropdownMenuItems', () => {
 		expect(keys[3]).toBe('account');
 		expect(keys[keys.length - 1]).toBe('logout');
 	});
+
+	it('omits sign out and its preceding divider when isNoAuthMode=true', () => {
+		const items =
+			getUserSettingsDropdownMenuItems({ ...BASE_PARAMS, isNoAuthMode: true }) ??
+			[];
+		const keys = items.map((item: any) => item.key ?? item.type);
+
+		expect(keys).not.toContain('logout');
+		// the trailing divider before logout should also be gone
+		expect(keys[keys.length - 1]).toBe('keyboard-shortcuts');
+	});
 });

frontend/src/container/SideNav/menuItems.tsx

@@ -470,6 +470,7 @@ export interface UserSettingsMenuItemsParams {
 	isWorkspaceBlocked: boolean;
 	isEnterpriseSelfHostedUser: boolean;
 	isCommunityEnterpriseUser: boolean;
+	isNoAuthMode: boolean;
 }
 
 export const getUserSettingsDropdownMenuItems = ({
@@ -477,6 +478,7 @@ export const getUserSettingsDropdownMenuItems = ({
 	isWorkspaceBlocked,
 	isEnterpriseSelfHostedUser,
 	isCommunityEnterpriseUser,
+	isNoAuthMode,
 }: UserSettingsMenuItemsParams): MenuProps['items'] =>
 	[
 		{
@@ -520,21 +522,25 @@ export const getUserSettingsDropdownMenuItems = ({
 			icon: <Keyboard size={14} color={Style.L1_FOREGROUND} />,
 			dataTestId: 'keyboard-shortcuts-nav-item',
 		},
-		{ type: 'divider' as const },
-		{
-			key: 'logout',
-			label: (
-				<span className="user-settings-dropdown-logout-section">Sign out</span>
-			),
-			icon: (
-				<LogOut
-					size={14}
-					className="user-settings-dropdown-logout-section"
-					color={Style.DANGER_BACKGROUND}
-				/>
-			),
-			dataTestId: 'logout-nav-item',
-		},
+		...(isNoAuthMode
+			? []
+			: [
+					{ type: 'divider' as const },
+					{
+						key: 'logout',
+						label: (
+							<span className="user-settings-dropdown-logout-section">Sign out</span>
+						),
+						icon: (
+							<LogOut
+								size={14}
+								className="user-settings-dropdown-logout-section"
+								color={Style.DANGER_BACKGROUND}
+							/>
+						),
+						dataTestId: 'logout-nav-item',
+					},
+				]),
 	].filter(Boolean);
 
 /** Mapping of some newly added routes and their corresponding active sidebar menu key */

frontend/src/pages/Settings/Settings.tsx

@@ -26,8 +26,13 @@ import './Settings.styles.scss';
 function SettingsPage(): JSX.Element {
 	const { pathname, search } = useLocation();
 
-	const { user, featureFlags, trialInfo, isFetchingActiveLicense } =
-		useAppContext();
+	const {
+		user,
+		featureFlags,
+		trialInfo,
+		isFetchingActiveLicense,
+		isNoAuthMode,
+	} = useAppContext();
 	const { isCloudUser, isEnterpriseSelfHostedUser } = useGetTenantLicense();
 
 	const [settingsMenuItems, setSettingsMenuItems] = useState<SidebarItem[]>(
@@ -176,6 +181,14 @@ function SettingsPage(): JSX.Element {
 				}));
 			}
 
+			// In no-auth mode, hide the Members page from the sidebar
+			if (isNoAuthMode) {
+				updatedItems = updatedItems.map((item) => ({
+					...item,
+					isEnabled: item.key === ROUTES.MEMBERS_SETTINGS ? false : item.isEnabled,
+				}));
+			}
+
 			return updatedItems;
 		});
 	}, [
@@ -185,6 +198,7 @@ function SettingsPage(): JSX.Element {
 		isCloudUser,
 		isEnterpriseSelfHostedUser,
 		isFetchingActiveLicense,
+		isNoAuthMode,
 		trialInfo?.workSpaceBlock,
 		pathname,
 	]);
@@ -199,6 +213,7 @@ function SettingsPage(): JSX.Element {
 				isCloudUser,
 				isEnterpriseSelfHostedUser,
 				t,
+				isNoAuthMode,
 			),
 		[
 			user.role,
@@ -208,6 +223,7 @@ function SettingsPage(): JSX.Element {
 			isCloudUser,
 			isEnterpriseSelfHostedUser,
 			t,
+			isNoAuthMode,
 		],
 	);
 
@@ -298,7 +314,7 @@ function SettingsPage(): JSX.Element {
 										isDisabled={false}
 										showIcon={false}
 										onClick={(event): void => {
-											logEvent('Settings V2: Menu clicked', {
+											void logEvent('Settings V2: Menu clicked', {
 												menuLabel: item.label,
 												menuRoute: item.key,
 											});

frontend/src/pages/Settings/utils.ts

@@ -28,6 +28,7 @@ export const getRoutes = (
 	isCloudUser: boolean,
 	isEnterpriseSelfHostedUser: boolean,
 	t: TFunction,
+	isNoAuthMode = false,
 ): RouteTabProps['routes'] => {
 	const settings = [];
 
@@ -37,7 +38,7 @@ export const getRoutes = (
 	if (isWorkspaceBlocked && isAdmin) {
 		settings.push(
 			...organizationSettings(t),
-			...membersSettings(t),
+			...(isNoAuthMode ? [] : membersSettings(t)),
 			...mySettings(t),
 			...billingSettings(t),
 			...keyboardShortcuts(t),
@@ -64,7 +65,7 @@ export const getRoutes = (
 
 	if (isAdmin) {
 		settings.push(
-			...membersSettings(t),
+			...(isNoAuthMode ? [] : membersSettings(t)),
 			...serviceAccountsSettings(t),
 			...rolesSettings(t),
 			...roleDetails(t),

frontend/src/providers/App/App.tsx

@@ -12,8 +12,10 @@ import {
 import { useQuery } from 'react-query';
 import getLocalStorageApi from 'api/browser/localstorage/get';
 import setLocalStorageApi from 'api/browser/localstorage/set';
+import { useGetGlobalConfig } from 'api/generated/services/global';
 import { useGetMyUser } from 'api/generated/services/users';
 import listOrgPreferences from 'api/v1/org/preferences/list';
+import { clearAuthStorage } from 'utils/clearAuthStorage';
 import listUserPreferences from 'api/v1/user/preferences/list';
 import getUserVersion from 'api/v1/version/get';
 import { LOCALSTORAGE } from 'constants/localStorage';
@@ -68,11 +70,50 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 	const [isLoggedIn, setIsLoggedIn] = useState<boolean>(
 		(): boolean => getLocalStorageApi(LOCALSTORAGE.IS_LOGGED_IN) === 'true',
 	);
+	const [isNoAuthMode, setIsNoAuthMode] = useState<boolean>(false);
+	const [isPreflightLoading, setIsPreflightLoading] = useState<boolean>(true);
 	const [org, setOrg] = useState<Organization[] | null>(null);
 	const [changelog, setChangelog] = useState<ChangelogSchema | null>(null);
 
 	const [showChangelogModal, setShowChangelogModal] = useState<boolean>(false);
 
+	// Pre-flight: discover auth mode from public global config.
+	// On success: in impersonation mode → clear stale tokens, force isLoggedIn=true,
+	//             persist IS_NO_AUTH_MODE flag so the axios interceptor (outside React)
+	//             can skip the rotate-logout chain.
+	// On failure: fail-safe to normal auth flow (treat as not no-auth).
+	const { data: globalConfigData, isLoading: isFetchingGlobalConfig } =
+		useGetGlobalConfig({
+			query: {
+				retry: 2,
+				retryDelay: 1000,
+				refetchOnWindowFocus: false,
+				staleTime: Infinity,
+			},
+		});
+
+	useEffect(() => {
+		if (isFetchingGlobalConfig) {
+			return;
+		}
+
+		const impersonationEnabled =
+			globalConfigData?.data?.identN?.impersonation?.enabled === true;
+
+		if (impersonationEnabled) {
+			clearAuthStorage();
+			setLocalStorageApi(LOCALSTORAGE.IS_NO_AUTH_MODE, 'true');
+			setLocalStorageApi(LOCALSTORAGE.IS_LOGGED_IN, 'true');
+			setIsNoAuthMode(true);
+			setIsLoggedIn(true);
+		} else {
+			setLocalStorageApi(LOCALSTORAGE.IS_NO_AUTH_MODE, 'false');
+			setIsNoAuthMode(false);
+		}
+
+		setIsPreflightLoading(false);
+	}, [globalConfigData, isFetchingGlobalConfig]);
+
 	// fetcher for current user
 	// user will only be fetched if the user id and token is present
 	// if logged out and trying to hit any route none of these calls will trigger
@@ -342,6 +383,9 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 
 	// global event listener for LOGOUT event to clean the app context state
 	useGlobalEventListener('LOGOUT', () => {
+		if (isNoAuthMode) {
+			return;
+		} // logout is meaningless in no-auth; defensively no-op
 		setIsLoggedIn(false);
 		setDefaultUser(getUserDefaults());
 		setActiveLicense(null);
@@ -360,6 +404,8 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 			trialInfo,
 			orgPreferences,
 			isLoggedIn,
+			isNoAuthMode,
+			isPreflightLoading,
 			org,
 			isFetchingUser,
 			isFetchingActiveLicense,
@@ -395,6 +441,8 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 			isFetchingOrgPreferences,
 			isFetchingUser,
 			isLoggedIn,
+			isNoAuthMode,
+			isPreflightLoading,
 			org,
 			orgPreferences,
 			activeLicenseRefetch,

frontend/src/providers/App/types.ts

@@ -18,6 +18,8 @@ export interface IAppContext {
 	orgPreferences: OrgPreference[] | null;
 	userPreferences: UserPreference[] | null;
 	isLoggedIn: boolean;
+	isNoAuthMode: boolean;
+	isPreflightLoading: boolean;
 	org: Organization[] | null;
 	isFetchingUser: boolean;
 	isFetchingActiveLicense: boolean;

frontend/src/tests/test-utils.tsx

@@ -237,6 +237,8 @@ export function getAppContextMock(
 		isFetchingOrgPreferences: false,
 		orgPreferencesFetchError: null,
 		isLoggedIn: true,
+		isNoAuthMode: false,
+		isPreflightLoading: false,
 		showChangelogModal: false,
 		updateUser: jest.fn(),
 		updateOrg: jest.fn(),

frontend/src/utils/__tests__/clearAuthStorage.test.ts

@@ -0,0 +1,39 @@
+import { LOCALSTORAGE } from 'constants/localStorage';
+
+import { clearAuthStorage } from '../clearAuthStorage';
+
+describe('clearAuthStorage', () => {
+	beforeEach(() => {
+		localStorage.clear();
+	});
+
+	it('removes all auth-related localStorage keys', () => {
+		localStorage.setItem(LOCALSTORAGE.AUTH_TOKEN, 'access');
+		localStorage.setItem(LOCALSTORAGE.REFRESH_AUTH_TOKEN, 'refresh');
+		localStorage.setItem(LOCALSTORAGE.IS_LOGGED_IN, 'true');
+		localStorage.setItem(LOCALSTORAGE.LOGGED_IN_USER_EMAIL, 'old@example.com');
+		localStorage.setItem(LOCALSTORAGE.LOGGED_IN_USER_NAME, 'old');
+		localStorage.setItem(LOCALSTORAGE.IS_IDENTIFIED_USER, 'true');
+		localStorage.setItem(LOCALSTORAGE.USER_ID, 'abc');
+
+		clearAuthStorage();
+
+		expect(localStorage.getItem(LOCALSTORAGE.AUTH_TOKEN)).toBeNull();
+		expect(localStorage.getItem(LOCALSTORAGE.REFRESH_AUTH_TOKEN)).toBeNull();
+		expect(localStorage.getItem(LOCALSTORAGE.IS_LOGGED_IN)).toBeNull();
+		expect(localStorage.getItem(LOCALSTORAGE.LOGGED_IN_USER_EMAIL)).toBeNull();
+		expect(localStorage.getItem(LOCALSTORAGE.LOGGED_IN_USER_NAME)).toBeNull();
+		expect(localStorage.getItem(LOCALSTORAGE.IS_IDENTIFIED_USER)).toBeNull();
+		expect(localStorage.getItem(LOCALSTORAGE.USER_ID)).toBeNull();
+	});
+
+	it('preserves non-auth localStorage keys', () => {
+		localStorage.setItem(LOCALSTORAGE.THEME, 'dark');
+		localStorage.setItem(LOCALSTORAGE.AUTH_TOKEN, 'access');
+
+		clearAuthStorage();
+
+		expect(localStorage.getItem(LOCALSTORAGE.THEME)).toBe('dark');
+		expect(localStorage.getItem(LOCALSTORAGE.AUTH_TOKEN)).toBeNull();
+	});
+});

frontend/src/utils/clearAuthStorage.ts

@@ -0,0 +1,16 @@
+import deleteLocalStorageKey from 'api/browser/localstorage/remove';
+import { LOCALSTORAGE } from 'constants/localStorage';
+
+const AUTH_KEYS: LOCALSTORAGE[] = [
+	LOCALSTORAGE.AUTH_TOKEN,
+	LOCALSTORAGE.REFRESH_AUTH_TOKEN,
+	LOCALSTORAGE.IS_LOGGED_IN,
+	LOCALSTORAGE.LOGGED_IN_USER_EMAIL,
+	LOCALSTORAGE.LOGGED_IN_USER_NAME,
+	LOCALSTORAGE.IS_IDENTIFIED_USER,
+	LOCALSTORAGE.USER_ID,
+];
+
+export const clearAuthStorage = (): void => {
+	AUTH_KEYS.forEach((key) => deleteLocalStorageKey(key));
+};