Make use of the verify, as long as verify returns a user, access_token and refresh_token you can do whatever you want
Added method to check the session. It validates the access_token (if present), will refresh the session (if present and the access_token is no longer valid) and returns the user or redirects (with the appropriate headers).
Adding the following enhancements: