I see that something isn’t clear, the PWA is guarded too, means that if the user doesn’t have a valid token (generated thru the login) he/she can’t access and will be redirected to a login page (which is part of the PWA itself), think about it as any web applications were a login is mandatory would handle such use case. Therefore if the user clean is storage, no more token, then he/she would be redirected to the login page of the PWA too.