Support external authentication.
Something like:
http:
auth_redirect: https://example.com/startauth
that will tell the frontend where it needs to redirect the user to re-authenticate when it receives access denied errors from the backend (not just unreachable, but actually get unauthorized or similar responses)