diff --git a/lib/tunnelbroker/tunnelbroker-context.js b/lib/tunnelbroker/tunnelbroker-context.js
--- a/lib/tunnelbroker/tunnelbroker-context.js
+++ b/lib/tunnelbroker/tunnelbroker-context.js
@@ -8,6 +8,7 @@
 import { PeerToPeerProvider } from './peer-to-peer-context.js';
 import { PeerToPeerMessageHandler } from './peer-to-peer-message-handler.js';
 import type { SecondaryTunnelbrokerConnection } from './secondary-tunnelbroker-connection.js';
+import { useInvalidCSATLogOut } from '../actions/user-actions.js';
 import { PeerOlmSessionCreatorProvider } from '../components/peer-olm-session-creator-provider.react.js';
 import { tunnnelbrokerURL } from '../facts/tunnelbroker.js';
 import { DMOpsQueueHandler } from '../shared/dm-ops/dm-ops-queue-handler.react.js';
@@ -114,6 +115,8 @@
     state => state.lifecycleState !== 'background',
   );
 
+  const invalidTokenLogOut = useInvalidCSATLogOut();
+
   const [unauthorizedDeviceID, setUnauthorizedDeviceID] =
     React.useState<?string>(null);
   const isAuthorized = !unauthorizedDeviceID;
@@ -293,6 +296,10 @@
                 'received ConnectionInitializationResponse with status: Success for already connected socket',
               );
             } else {
+              if (message.status.data?.includes('UnauthorizedDevice')) {
+                void invalidTokenLogOut();
+                return;
+              }
               setSocketState({ connected: false, retryCount: 0 });
               console.log(
                 'creating session with Tunnelbroker error:',
@@ -342,6 +349,7 @@
     createInitMessage,
     socketState.connected,
     socketState.retryCount,
+    invalidTokenLogOut,
   ]);
 
   const sendMessage: (request: DeviceToTunnelbrokerRequest) => Promise<void> =