Open
Description
Currently only access (bearer JWT) tokens are used for authentication. Ideally these tokens should expire after an hour to prevent unauthorized access when a user walks away from the web browser. To prevent the user from having to log in again every hour, a refresh token mechanism needs to be added to the auth strategy. Refresh tokens should expire after a substantially longer period and be used to obtain a new access JWT for the current session.
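The flow the issue asks for, as an added example that is not part of this project's code: a login issues a one-hour access JWT together with a long-lived refresh JWT, and the refresh JWT can be exchanged for a fresh access JWT for the same session. It assumes HS256 with a single server-side secret, a 30-day refresh lifetime, and stateless tokens (no revocation store); those values and the claim names (`use`, `sid`) are assumptions, not something this project defines. Everything is standard library so it runs offline.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

SECRET = b"constructed-demo-secret-replace-in-production"  # assumption: shared HS256 key
ACCESS_TTL = 60 * 60               # access token lifetime: one hour, as the issue proposes
REFRESH_TTL = 30 * 24 * 60 * 60    # refresh token lifetime: 30 days (assumed value)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> str:
    return _b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())


def encode_jwt(claims: dict) -> str:
    """Build a compact HS256 JWT: header.payload.signature."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{_sign(signing_input)}"


def decode_jwt(token: str, expected_use: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims only if signature, token use and expiry all check out; otherwise None."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig = parts
    # Constant-time comparison so signature checking does not leak timing information.
    if not hmac.compare_digest(_sign(f"{header_b64}.{payload_b64}"), sig):
        return None
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # reject "none" and any algorithm we did not issue
        return None
    claims = json.loads(_b64url_decode(payload_b64))
    # A refresh token must never be accepted where an access token is expected, and vice versa.
    if claims.get("use") != expected_use:
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def issue_session(user: str, now: Optional[float] = None) -> dict:
    """Login: return a short-lived access JWT plus a long-lived refresh JWT bound to one session id."""
    now = int(time.time() if now is None else now)
    sid = secrets.token_hex(8)  # assumed session identifier shared by both tokens
    base = {"sub": user, "sid": sid, "iat": now}
    return {
        "access_token": encode_jwt({**base, "use": "access", "exp": now + ACCESS_TTL}),
        "refresh_token": encode_jwt({**base, "use": "refresh", "exp": now + REFRESH_TTL}),
    }


def refresh_access(refresh_token: str, now: Optional[float] = None) -> Optional[str]:
    """Exchange a still-valid refresh token for a new access JWT for the same user and session."""
    now = int(time.time() if now is None else now)
    claims = decode_jwt(refresh_token, "refresh", now)
    if claims is None:
        return None  # expired, tampered, or not a refresh token: caller must log in again
    return encode_jwt({"sub": claims["sub"], "sid": claims["sid"], "iat": now,
                       "use": "access", "exp": now + ACCESS_TTL})


if __name__ == "__main__":
    session = issue_session("alice")
    print(decode_jwt(session["access_token"], "access"))
    print(refresh_access(session["refresh_token"]) is not None)
```

The `use` claim is what keeps the two token types from being swapped: an access token presented to the refresh endpoint is rejected, and an expired access token stays rejected even though the refresh token that was issued alongside it is still good. Because the tokens are stateless, revoking a session early (logout, password change) would additionally need the `sid` recorded server-side, which this example deliberately leaves out.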