In my point of view, the correct place to put you logic is in the View Controller level.
If I correctly understood you question, you have a Network API that handles the server calls and return the result (possibly from a JSON) to the view controller.
The best approach should be to create a Login View Controller, with the username/email and password fields, separate from the rest of the application logic. After receiving the OK from the server, this view controller can be dismissed and the application will flow as intended.
If your token was invalidated, the server should return an Error 401 to your Network API.
You can simply encapsulate that error into an NSError object, and pass to the View Controller to handle.
Anywhere in the app, a server call can return Error 401, and as a result you apologize to your user and pull back the Login View Controller, to force a new token to be created.
I hope I helped.
