Logout of tutors after inactivity

Description / Overview

Logout of tutors after inactivity. Since JWT tokens (see #41 (closed)) expire after a set amount of time, we get the "automatic" part for free. The "inactivity" part can be accomplished by keeping track of the age of the token client side. If the token is about to expire a POST to a api-token-refrsh endpoint can be made ( JWT refresh token. This could be implemented via axios interceptors or via hooks on Vue components to detect when a user interacts with the DOM (don't know if this is viable).

Use cases

Definitely tutors and reviewers. For students maybe a hard time cap is better.

Links / references

JWT refresh token

Axios interceptors

Feature checklist

Configure JWT expiry time to something reasonable (Proposal: 5-10 Minutes)
configure djangorestframwork-jwt to to allow token-refresh
provide api-endpoint for refresh
Look into methods to register inactivity
Refresh token via POST to api-endpoint
change axios headers config to new token
display time left in top toolbar + option to refresh
display unobtrusive inactivity notification
display logout message upon redirect to login page

Edited Dec 10, 2017 by robinwilliam.hundt