jlouvel authored Sep 18, 2023 and Damien Mat Jedrzejewski committed Oct 17, 2023

Module keeps an authorization header even when it's not valid anymore.
Since storage lifespan is pretty short on the website (10 minutes and
can't be refreshed), setting STATE_DURATION in the browser to match
website behavior and do a new login if needed.