So the solution that we came up for this is to have two tokens, with different "tags" and expiration dates.

• login - This is the short term token for handling login
• remember - The long term token, for remember me

cc @calvinmetcalf for fleshing this out to include what each does and how they work together.

Pros/cons as well maybe.

they should have different scopes with the remember one always requiring a user lookup in the database

cc @ismyrnow

In as of 1.2.0