When rendering any entity page on the server-side (to be sent to the client), an auth endpoint is called from the server-side.
This shouldn't happen, and the auth endpoint should only be called from the client side.

The file in question is src/client/components/pages/entities/cbReviewModal.tsx
https://github.com/metabrainz/bookbrainz-site/blob/master/src/client/components/pages/entities/cbReviewModal.tsx#L135-L136

The `getAccessToken` method is called in this component's `componentDidMount` lifecycle: https://github.com/metabrainz/bookbrainz-site/blob/master/src/client/components/pages/entities/cbReviewModal.tsx#L504-L506