diff --git a/internal/http/authenticator.go b/internal/http/authenticator.go
index e0b8be74..9df067d0 100644
--- a/internal/http/authenticator.go
+++ b/internal/http/authenticator.go
@@ -16,6 +16,7 @@ import (
 
 var (
 	ErrLoginRequired = errors.New("login required")
+	ErrTokenExpired  = errors.New("oauth2: token expired and refresh token is not set")
 )
 
 type UserAuthenticator struct {
diff --git a/internal/http/client.go b/internal/http/client.go
index 675ebbe5..2bba9f1b 100644
--- a/internal/http/client.go
+++ b/internal/http/client.go
@@ -10,6 +10,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strings"
 	"time"
 
 	"github.com/google/uuid"
@@ -87,6 +88,12 @@ func (c *Client) Do(method string, path string, requestBody, responseBody interf
 		if stderrors.As(err, &dnsError) || (stderrors.As(err, &urlError) && stderrors.Is(err, io.EOF)) {
 			return connectivityError
 		}
+
+		// Checking on the string as errors.Is fails to match on our ErrTokenExpired which is a copy of the internal oauth2 error from golang/x/oauth2 package.
+		if strings.Contains(err.Error(), ErrTokenExpired.Error()) {
+			return fmt.Errorf("%w: %w", ErrLoginRequired, err)
+		}
+
 		return &ErrorResponse{
 			Message: err.Error(),
 			ID:      id.String(),