Refresh route + axios retry on 401 (instead of current sign-out). Email verification already shipped.
Cross-stack issues:
- Node#26 β Refresh token rotation (open)
- Vue#30 β Axios interceptor 401 β refresh β retry (open)
Scope: Node POST /api/auth/refresh (access 15min / refresh 7d, rotation on each use) + Vue axios interceptor.
Acceptance: expired token β transparent refresh β original request retried; sign-out only if refresh fails.
Sub-issue of Auth & session hardening (#3804).
Refresh route + axios retry on 401 (instead of current sign-out). Email verification already shipped.
Cross-stack issues:
Scope: Node
POST /api/auth/refresh(access 15min / refresh 7d, rotation on each use) + Vue axios interceptor.Acceptance: expired token β transparent refresh β original request retried; sign-out only if refresh fails.
Sub-issue of Auth & session hardening (#3804).