Refresh access token (silent)

[geolunalg]

Overview

User Story:
As a user, I want my session to continue seamlessly when my access token expires.

Action Items

User Story:
As a user, I want my session to continue seamlessly when my access token expires.
Acceptance Criteria:

• When access token is expired and API returns 401, client calls POST /auth/refresh.
• Backend reads refresh token from cookie and:
  • if valid: returns a new access token
  • if invalid/expired: returns 401 and client routes to login
• Client retries the original request once after successful refresh.

Resources/Instructions

• This issue is part of the epic: EPIC: Authentication & Session Management (JWT + Refresh) #2065

[rteas]

Backend api has JWT refresh functionality.

For a seamless UX, we should have the frontend refresh the token roughly a minute before the token expires.
We can probably implement a timer function to check every ~30s.

[geolunalg]

@JackHaeg @trillium @rteas

Need confirmation from Richy if this is done When access token is expired and API returns 401, client calls POST /auth/refresh.

Frontend task Client retries the original request once after successful refresh.

Size: M