0 votes

Context: A user is trying to access a website 'A' in a browser, but 'A' relies upon another web application 'B' (an authentication server) to authenticate and authorize the user using the "Implicit Grant" OAuth 2.0 flow.

Question: When a user accesses a web page on website 'A' for the first time, how does website 'A' know that this first request does not have a valid access token, and then redirect the request to website 'B'?

Does the 'Webserver' of website 'A' make this check of the access token?


2 Answers

1 vote

IMPLICIT FLOW SOLUTIONS

This solution is used by web apps where no code executes on the web server and your web UI is a Single Page Application. Is this definitely the same as your solution?

  • 'Web Site A' will be your client-side JavaScript UI - users log in and then get an access token
  • 'Web Application B' - the authentication server - will be a 3rd-party system that issues access tokens to your JavaScript UI
  • The API will be your server-side code - it receives access tokens from the client-side UI, validates the token, then returns data to the UI

SERVER SIDE WEB APP SOLUTIONS

If your solution is different to the above then it sounds like you have a server side web app instead - in this case the Implicit Flow is not the right solution.

IF YOU DEFINITELY HAVE A SINGLE PAGE APP

There is a bit of a learning curve to using OAuth 2.0 and OpenID Connect with Single Page Apps. I would recommend the excellent OIDC Client Library, which will do a lot of the work for you.

Out of interest I've written a detailed blog + code samples around OAuth 2.0 solutions, including SPAs. I hope you can just browse it to improve your understanding - maybe start with This Overview.

1 vote

The JavaScript application "website A" probably keeps the access token and its expiration time somewhere - for example in the session storage. So on load, the application can check the presence of an access token and its expiration time. The expiration time is delivered along with the token in a redirect URL (expires_in parameter) from the auth provider.