add refresh token

admin/src/app/auth/auth.service.ts

@@ -32,6 +32,7 @@ export class AuthService {
    * This is the definitive logout action from the user's perspective.
    */
   clientSideLogout(): void {
+    console.info("clientSideLogout")
     this.removeTokens();
     this.router.navigate(['/login']);
   }

admin/src/app/auth/jwt.interceptor.ts

@@ -53,10 +53,9 @@ export class JwtInterceptor implements HttpInterceptor {
           this.isRefreshing = false;
           this.refreshTokenSubject.error(err);
 
-          // In a refresh failure, the user MUST be logged out.
-          // Call the synchronous client-side logout to avoid re-intercepting.
-          this.authService.clientSideLogout();
-
+          // The interceptor's job is done. It failed to refresh.
+          // It should NOT handle logout. It should just propagate the error.
+          // The calling service/component will be responsible for the user-facing action.
           return throwError(() => err);
         })
       );