Commits
Raif Atef authored a47f6d2bfc4
Refresh tokens when needed instead of logging out when access_token expires. - refresh_token + access_token expiry is sent via encrypted cookie to the browser. - If cookie is missing or invalid, user is logged out. - If last access token expired, use refresh token to fetch a new one and send a new cookie. - If token refresh fails, user is logged out. - Cookie encryption is with per-user random key stored in user meta. - Encryption and key generation done using https://github.com/defuse/php-encryption - Updated autoloader function to support loading namespaced classes.