Currently the tokens expire after ~ 15 minute, and the user needs to logout/login to get access back. It's painful, and avoidable by refreshing the tokens.

Would be a good time to also remove the auth0 requirement as it's not used anymore.

Blocked by #167