“Right” has a subjective component to it, but here is how I handle authentication. I prefer to decouple the act of logging in from the reaction to having logged in. I find this more flexible, because it makes it easier to handle cases where logging in and out is done in many ways, such as retrieving stored authentication tokens from storage, which does not interact with the backend at all, but the rest of the app that presents authenticated content should not have to concern itself with that.