Refresh Token Authentication

[elimelt]

We need to implement client-side error handling in all of our secured endpoints to deal with token expiration and refreshing.

The basic flow we will use is as follows:

Client sends a request to a sensitive endpoint

• If token is missing/malformed, send error with status 401 and handle on client side
• If token is expired, try to refresh access token
  1. Send request with userID and old token to refresh access token
  2. Retrieve access token from database.
  3. If refresh token expired, req fails with 412, user must log in again
  4. Else, verify with old token and generate new access token
  5. Send new access token in response to user and retry original request with new access token.
• If token is valid, success!

[elimelt]

Working on branch refresh-token

So far, I've implemented a refresh endpoint that verifies the user's refresh token, as well as if they have their most recent access token.

All that's left to do on this front is to implement the functionality for requesting a new token on the client side.