Support persistent logins (OAuth refresh tokens) #12

Open
kepstin opened this issue Apr 14, 2022 · 1 comment

kepstin commented Apr 14, 2022

The current behaviour of MagicISRC requires that a user re-authenticate with MusicBrainz when their auth token has expired (or if the session storage in the browser is cleared). This is a few extra clicks in the workflow, so for people who use MagicISRC regularly it would be nice to have MagicISRC remember logins.

Some things to think about:

  • Probably needs some login UI work so I can have a "remember me" option to enable persistent logins
  • Store login information and refresh token in permanent storage rather than session storage
  • When should the token be refreshed? Probably only makes sense to do this on ISRC submit (do I want to do it on initial page load?), but error handling and persisting data for re-login might be tricky.

kepstin commented Jan 15, 2025

After looking into this a bit further, we probably don't want to actually use refresh tokens (this requires doing an OAuth request with access_type set to "offline" - which is a bit odd, considering that MagicISRC is an entirely online application).

What can be done here is to have the user go through the OAuth flow with approval_prompt=auto when submitting data, if we don't have a valid auth token available. In most cases, this will be invisible - if the user has already approved access to the MagicISRC application, the OAuth flow will immediately redirect back to MagicISRC without showing the MusicBrainz authorization page. It would be possible to have "one click" that gets a new auth token and submits data.

This should be combined with a "remember me" option to cache the user name with a longer duration (continue displaying you as logged in even after the auth token expires).

Another thought is that it might be possible to get rid of the "login" concept completely. Have submissions simply go through if the user has already authorized the app - if they haven't done that previously, they'll get prompted once for access during the submission flow.
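
Added example, not part of the issue thread and not MagicISRC's code: a sketch of the submit-time flow the comment above describes, where an expired token triggers an authorization redirect with `approval_prompt=auto`, only the user name is kept in persistent storage, and the `state` value is checked on return. The client ID, redirect URI, storage key names, the use of `response_type=code` and all function names are assumptions.

```javascript
// Added illustration; CLIENT_ID, REDIRECT_URI and storage key names are assumptions.
const AUTHORIZE_URL = "https://musicbrainz.org/oauth2/authorize";
const CLIENT_ID = "EXAMPLE_CLIENT_ID";               // placeholder
const REDIRECT_URI = "https://app.example/callback";  // placeholder

// Constructed in-memory stand-in for sessionStorage / localStorage (offline runs).
function memStore(init = {}) {
  const m = new Map(Object.entries(init));
  return { getItem: (k) => (m.has(k) ? m.get(k) : null),
           setItem: (k, v) => void m.set(k, String(v)),
           removeItem: (k) => void m.delete(k) };
}

// A token is usable only if it outlives a clock-skew margin.
function tokenIsValid(token, nowMs, skewMs = 30000) {
  return Boolean(token && token.accessToken && token.expiresAt - skewMs > nowMs);
}

// approval_prompt=auto: consent page is skipped if the app is already approved.
// access_type=online: no refresh token is requested, so none needs storing.
function buildAuthorizeUrl(state) {
  const q = new URLSearchParams({ response_type: "code", client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI, scope: "submit_isrc", access_type: "online",
    approval_prompt: "auto", state });
  return `${AUTHORIZE_URL}?${q}`;
}

// Submit click: use the cached token, or park the submission and redirect.
// newState must be an unpredictable value (e.g. from crypto.getRandomValues).
function planSubmit(session, persistent, pending, nowMs, newState) {
  const token = JSON.parse(session.getItem("token") || "null");
  if (tokenIsValid(token, nowMs)) return { action: "submit", token: token.accessToken };
  session.removeItem("token");                       // drop the expired token
  session.setItem("oauthState", newState);
  session.setItem("pendingSubmission", JSON.stringify(pending));
  return { action: "redirect", url: buildAuthorizeUrl(newState),
           displayName: persistent.getItem("username") }; // only the name persists
}

// Back from MusicBrainz: accept the response only if state matches, once.
function resumeAfterRedirect(session, callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const expected = session.getItem("oauthState");
  session.removeItem("oauthState");
  if (!expected || params.get("state") !== expected) throw new Error("state mismatch");
  const pending = JSON.parse(session.getItem("pendingSubmission") || "null");
  session.removeItem("pendingSubmission");
  return { code: params.get("code"), pending };
}
```

In a browser, `window.sessionStorage` and `window.localStorage` take the place of `memStore`, and the returned `code` still has to be exchanged for an access token before the parked submission is sent.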
