Google session token refresh for the web app
xpenser fixed Google session expiry by refreshing the embedded API token from the trusted web session before protected calls fail.

Google sign-in sessions became more reliable for users who stay signed in across days.
This release came from PR #16 and is now part of the xpenser release archive. It gives people evaluating an open-source expense tracker a clearer view of how the product has improved over time.
What changed
- Added an internal session-token refresh endpoint.
- Tracked API token expiry in Auth.js JWT handling.
- Refreshed the API JWT before it expired or when it was missing expiry data.
Why it matters
The browser session could still be valid while the nested API token expired. Refreshing that token prevents surprise logout behavior for normal app usage.
Where it fits
This improves authenticated dashboard, transaction, and report access for hosted and self-hosted xpenser users.
For a broader product overview, start with the xpenser home page. Developers can also explore the personal finance API and MCP tools, while self-hosters can review the self-hosted personal finance tracker page.