
token expiration code is incorrect. #6

@mzbik


Section 7.1.3 in http://www.hl7.org/fhir/smart-app-launch/index.html talks about how refresh tokens get expiration times; notably, the access_token is supposed to be opaque ("private") and the field "expires_in" contains the number of seconds the entire token response is valid for.

The code in src/app/services/smart.service.ts, line 207 attempts to extract the 'exp' value from a JWT-formatted token. While this works for some OAuth servers, it's incorrect for servers like healthit.gov.
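
An added example, not part of the original issue and not the project's code: one way a client could compute expiry from `expires_in` and treat the access token as opaque, reading a JWT `exp` claim only as a fallback. The function names, the `TokenResponse` shape and the 30-second skew are assumptions made for illustration.

```typescript
// Added example; names are hypothetical and not taken from smart.service.ts.
interface TokenResponse {
  access_token: string;      // treated as opaque by the client
  expires_in?: number;       // lifetime in seconds, as sent in the token response
  refresh_token?: string;
}

// Best-effort read of a JWT "exp" claim (seconds since epoch).
// Returns undefined for opaque tokens or anything that does not parse.
// The claim is used only as a timing hint; nothing here verifies the token.
function jwtExp(token: string): number | undefined {
  const parts = token.split(".");
  if (parts.length !== 3) return undefined;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64.padEnd(Math.ceil(b64.length / 4) * 4, "=");
    const claims = JSON.parse(atob(padded));
    return typeof claims.exp === "number" ? claims.exp : undefined;
  } catch {
    return undefined;
  }
}

// Absolute expiry in milliseconds since epoch, or undefined when the server
// gave no usable hint. receivedAtMs is when the token response arrived.
function tokenExpiresAt(
  resp: TokenResponse,
  receivedAtMs: number,
  skewSec = 30,
): number | undefined {
  // Some servers send expires_in as a string, so coerce before checking.
  const ttl = Number(resp.expires_in);
  if (Number.isFinite(ttl) && ttl > 0) {
    return receivedAtMs + Math.max(0, ttl - skewSec) * 1000;
  }
  // Fallback only: the server omitted expires_in but issued a JWT.
  const exp = jwtExp(resp.access_token);
  return exp === undefined ? undefined : (exp - skewSec) * 1000;
}

// With no expiry information at all, refresh rather than assume validity.
function needsRefresh(expiresAtMs: number | undefined, nowMs: number): boolean {
  return expiresAtMs === undefined || nowMs >= expiresAtMs;
}
```

Storing the time the response was received alongside the token keeps the expiry calculation independent of the token's format.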
