[tokens] Refresh token
We need to handle expired tokens and provide new refresh tokens when that happens.
Currently, we can check if the CURRENT_USER query failed, and remove token / redirect to login.
This, however, is problematic:
- The query is most likely to occur at some high level component. So for the check to be done, the query needs to run.
- The query needs to be set to never read the cache for getting the current user. If it does read the cache, the app risks returning a current user without validating the token.
- If the token expires while a user has an open page for a while, tasks can fail without being logged out. For example, if a user is writing a review, and in the meantime the token expires, hitting the "Submit" button will fail, as would any request with an invalid token. However, the current user query is not re-run at that point, and the user will most likely lose their work.
- There is redundant code that needs to be written to handle these cases.