I was able to resolve the error and everything is working as expected now, with login state automatically persisted across refreshes without me needing to do anything special except follow Kyle’s flow, not my needlessly overcomplicated one.
My failure to get this to work originally was because I didn’t understand that AuthClient.create() is not idempotent. I thought it always returned a new “empty” (non-logged-in) AuthClient. Now I know that it fetches a logged in identity from (by default) local storage if there is one (I didn’t even know that it ever put one there in the first place). Pretty slick, if somewhat magical. I guess I missed that part of the explanation (and the code that made it work) when I was following @kpeacock’s IC Avatar videos when I originally set up my auth flow. Is there documentation that clearly explains this flow, including the magic?
Btw, the resolution to the “failed to authenticate” error above was to clear the cache for the page before going through the flow from scratch.