Manage OAuth token
In the current setup, after logging in if the user refreshes the page (
Cmd+R, ...), the OAuth tokens are forgotten and the user is logged out.
Tokens and user roles should be stored in cookies. For server rendering we have to access user roles from the request and check user permissions before sending generated page (if user can't see some page, render a login page instead). And also we have to check user permissions on client side.