This is because the handleOpenUrl function isn't called immediately, so the app restores the session and starts calling WebServices before we receive the new token.
How to reproduce:
- Login on the app in master using OAuth.
- Reset token in web (Preferences > Security keys)
- Browse in the app until you see the warning that token is invalid or expired
- OK/Confirm and re-authenticate
- App re-opens, it will display the token expired message again.