Support time boxed tokens #11
Description
Temporary tokens with a refresh are becoming increasingly common as the preferred way. For example Gitlab's new policy is to issue tokens with a 2 hours lifetime.
Access tokens expire after 2 hours. A refresh token may be used at any time to generate a new access token. Non-expiring access tokens are deprecated.
To support this scenario is required to have a mechanism that obtains a new token using the refresh token.