ContinueSession checks the request cookies for an existing auth session and continues it if possible.

EndSession invalidates the current session and clears the user's cookies.

ForceAuthTokenRefresh should be called whenever something happens that would result in existing auth tokens being out-of-date.

GenerateNonce generates a random nonce to be signed by a wallet.

GetSessionIDFromCtx returns the session ID from the context.

GetUserAuthedFromCtx queries the context to determine whether the user is authenticated.

GetUserIDFromCtx returns the user ID from the context.

Login logs in a user with a given authentication scheme.

StartSession begins a new session for the specified user.

AuthCookieKey is the key used to store the auth token in the cookie.

NoncePrepend is prepended to a nonce to make our default signing message.

RefreshCookieKey is the key used to store the refresh token in the cookie.

TODO: Figure out a better scheme for handling user-facing errors.

ErrInvalidJWT is returned when the JWT is invalid.

ErrMessageDoesNotContainNonce is returned when a nonce authenticator's message does not contain its nonce.

ErrNoCookie is returned when there is no JWT in the request.

ErrNonceMismatch is returned when the nonce does not match the expected nonce.

ErrSignatureInvalid is returned when the signed nonce's signature is invalid.

AuthenticatedAddress contains address information that has been successfully verified by an authenticator.