diff --git a/.changelog/2696.txt b/.changelog/2696.txt
new file mode 100644
index 00000000000..05197c52e96
--- /dev/null
+++ b/.changelog/2696.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Fix edge case issue where users would not be redirected to the authentication screen if no api token was set
+```
diff --git a/ui/app/routes/application.ts b/ui/app/routes/application.ts
index aa1a919ac43..0fb5fec5f21 100644
--- a/ui/app/routes/application.ts
+++ b/ui/app/routes/application.ts
@@ -4,7 +4,11 @@ import Transition from '@ember/routing/-private/transition';
 import { action } from '@ember/object';
 import { inject as service } from '@ember/service';
 
-const ErrInvalidToken = 'invalid authentication token';
+const ErrsInvalidToken = ['invalid authentication token', 'Authorization token is not supplied'];
+
+interface ApiError extends Error {
+  code: number;
+}
 
 export default class Application extends Route {
   @service session!: SessionService;
@@ -18,10 +22,10 @@ export default class Application extends Route {
   }
 
   @action
-  error(error: Error): boolean | void {
+  error(error: ApiError): boolean | void {
     console.log(error);
-
-    if (error.message.includes(ErrInvalidToken)) {
+    let hasAuthError = ErrsInvalidToken.some((msg) => error.message.includes(msg)) || error.code === 16;
+    if (hasAuthError) {
       this.session.invalidate();
       this.transitionTo('auth');
     }
diff --git a/ui/tests/acceptance/auth-test.ts b/ui/tests/acceptance/auth-test.ts
new file mode 100644
index 00000000000..cdd492a6854
--- /dev/null
+++ b/ui/tests/acceptance/auth-test.ts
@@ -0,0 +1,22 @@
+import { currentURL, visit } from '@ember/test-helpers';
+import { module, test } from 'qunit';
+
+import login from 'waypoint/tests/helpers/login';
+import { setupApplicationTest } from 'ember-qunit';
+import { setupMirage } from 'ember-cli-mirage/test-support';
+
+module('Acceptance | auth', function (hooks: NestedHooks) {
+  setupApplicationTest(hooks);
+  setupMirage(hooks);
+
+  test('redirects to /auth from authenticated routes when logged out', async function (assert) {
+    await visit(`/default`);
+    assert.equal(currentURL(), `/auth`);
+  });
+
+  test('does not redirect to /auth from authenticated routes when logged in', async function (assert) {
+    await login();
+    await visit(`/default`);
+    assert.equal(currentURL(), `/default`);
+  });
+});