Use refresh tokens instead of hourly access tokens

[ronnyli]

Tired of having to log back in all the time. It's still secure to use refresh tokens instead of hourly access tokens as long as I don't store it anywhere (so you'll need to log back in every session). Should still be a major improvement.

https://auth0.com/docs/security/store-tokens#if-no-backend-is-present