Auth - Swap Refresh to Token and change secrets to be strings, not tokens (#1444)

* Refresh => Token

* Secret is no longer a token

Co-authored-by: Ben Toogood <ben@micro.mu>

auth/auth.go

@@ -42,8 +42,8 @@ type Auth interface {
 	Verify(acc *Account, res *Resource) error
 	// Inspect a token
 	Inspect(token string) (*Account, error)
-	// Refresh an account using a secret
-	Refresh(secret string, opts ...RefreshOption) (*Token, error)
+	// Token generated using an account ID and secret
+	Token(id, secret string, opts ...TokenOption) (*Token, error)
 	// String returns the name of the implementation
 	String() string
 }
@@ -63,7 +63,7 @@ type Account struct {
 	// ID of the account (UUIDV4, email or username)
 	ID string `json:"id"`
 	// Secret used to renew the account
-	Secret *Token `json:"secret"`
+	Secret string `json:"secret"`
 	// Roles associated with the Account
 	Roles []string `json:"roles"`
 	// Any other associated metadata