804725a785
TaxBaik CI/CD / build-and-deploy (push) Successful in 48s
**Issues Resolved:**

1. Access Token lifetime extended 15m → 1h (better UX)
   - Users can browse admin pages for 1 hour without re-login
   - Reasonable balance between security and usability
2. Automatic pre-expiry token refresh
   - GetAuthenticationStateAsync() now checks if token expires in <5min
   - Automatically refreshes before expiry when user is still active
   - Prevents sudden logout during admin work

**Implementation:**

- Added ShouldRefreshToken() to detect imminent expiry (300s window)
- On auth state check, if token expiring soon: trigger refresh via AuthService
- Refresh happens transparently, no user interaction needed
- Maintains 7-day Refresh Token TTL for security

**Behavior:**

- User logs in with 1-hour session
- Every page load/navigation checks token status
- If <5min remaining: auto-refresh (user doesn't notice)
- If refresh fails: graceful logout with warning
- Refresh Token (7 days) allows re-login without password

This provides better UX while maintaining security through shorter-lived access tokens and automatic renewal.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
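
The pre-expiry check described in the commit message, written out as an added example; it is not code from this commit or from the TaxBaik repository. Only the name `ShouldRefreshToken` and the 300-second window come from the message. `TokenExpiry` and `ReadExpiry` are hypothetical names, and the access token is assumed to be a JWT carrying a numeric `exp` claim.

```csharp
using System;
using System.Text.Json;

// Hypothetical helper illustrating the check; not the project's implementation.
public static class TokenExpiry
{
    // 300 s pre-expiry window, as stated in the commit message.
    public static readonly TimeSpan RefreshWindow = TimeSpan.FromSeconds(300);

    // Reads the "exp" claim (seconds since the Unix epoch) from a JWT payload.
    // The signature is NOT verified here: the value is used only to decide when
    // the client should ask for a new token. The server stays the authority on
    // whether a token is valid.
    public static DateTimeOffset? ReadExpiry(string? jwt)
    {
        var parts = jwt?.Split('.');
        if (parts is not { Length: 3 }) return null;
        try
        {
            // base64url -> base64, restoring the padding JWTs strip.
            var b64 = parts[1].Replace('-', '+').Replace('_', '/');
            b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
            using var doc = JsonDocument.Parse(Convert.FromBase64String(b64));
            return doc.RootElement.TryGetProperty("exp", out var exp)
                   && exp.ValueKind == JsonValueKind.Number
                   && exp.TryGetInt64(out var seconds)
                ? DateTimeOffset.FromUnixTimeSeconds(seconds)
                : null;
        }
        catch (Exception e) when (e is FormatException or JsonException
                                    or InvalidOperationException
                                    or ArgumentOutOfRangeException)
        {
            return null; // malformed payload, non-object root, or absurd exp
        }
    }

    // True when the token expires within the window, has already expired, or
    // has no readable expiry. Assumption: an unreadable token is sent down the
    // refresh path, so a failed refresh ends in the logout the message describes.
    public static bool ShouldRefreshToken(string? jwt, DateTimeOffset now)
    {
        var exp = ReadExpiry(jwt);
        return exp is null || exp.Value - now <= RefreshWindow;
    }
}
```

Passing `now` in as a parameter keeps the window boundary testable: a token with `exp` 301 seconds ahead returns `false`, one 300 seconds ahead returns `true`.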