[keycloak-user] how to intercept/flow: VerificationException: Token is not active

Hi I have 2 bearer rest layers (A,B): A calls B. In front I have an angular web layer calling A -> B. What is the best practices to handle "Token is not active" when user sits in front idle and token becomes inactive, http session still valid but KC token expired? If B reaches token not active, on the call from A to B - how would I propagate this to the front layer? A has to consume the ValidationException from B and notify front layer to auto logout or prompt the user with a message saying 'your session expired, please login' or automatically throw the user into the login prompt in front. For this scenario above, anyone share some thoughts? Thanks