Save access token; add _api method; add profile method

[noduck]

Hi,

Please consider these changes:

• After login, save access token in local .cache file
• Add a generic _api method
• Add a profile method (using _api method)
• Upon login, load access token and test validity with a call to the profile method
• Use _api method in activities
• Fix CSRF RE
• add t/30-profile.t test

Best!

[jlouder]

Does this cache the token forever? I couldn't see where we decide if the token is too old.

The call that gives us access_token gives an expiration, too. There's an expires_in property that is a number (seconds, I'm guessing?).

If we are going to cache the access token, I think we need to be able to detect when it's no longer valid and get a new one.

[jlouder]

I saw the comment you added to the issue about this: the code will use the token until it fails, then generate a new one. That seems good enough, and quite simple.

I'll merge this PR and make a new release later this week.

Thank you for contributing!