changes authentication to no longer use a refresh token & access token
for accessing protected endpoints. Instead only an auth token is used.
Before the login flow was:
Login -> get refresh (stored as HttpOnly cookie) + access token (stored in memory) ->
protected endpoint request (attach access token as Authorization header) -> access token expires in
15 minutes, so use refresh token to obtain new one when that happens
now it looks like this:
Login -> get auth token (stored as HttpOnly cookie) -> make protected endpont
request (token sent)
the reasoning for using the refresh + access token was to reduce DB
calls, but in the end I don't think its worth the hassle.
