A `refresh` parameter has been added to /auth/login to create a new JWT with an extended `expiredAt`.