Feature request: support expiring access tokens #447
Description
IndiePass appears to expect that the received access_token will be valid forever. If the server responds with a HTTP 401, this gets displayed to the user as an error.
If the access_token has expired, the server will respond with a 401 with a WWW-Authenticate: error="invalid_token" header: https://datatracker.ietf.org/doc/html/rfc6750#section-3.1
It would be useful if IndiePass could spot this error and either restart the login process from the beginning, or make use of a refresh_token if one was present in the initial access token response.