Expose decoded tokens

[Aareksio]

Is your feature request related to a problem? Please describe.

As steam-session consumer I would like to know when to call renewRefreshToken() and refreshAccessToken().

Describe the solution you'd like

Expose decoded refreshToken and accessToken as properties or getters

Describe alternatives you've considered

Decode JWT in user application. This approach is likely to introduce overkill libraries to user code. Since steam-session is already capable of decoding tokens (and does so), exposing the data seems like a natural solution.

[DoctorMcKay]

I really don't think this belongs in steam-session's API. Purpose-built JWT decoders are more appropriate here.

[Aareksio]

You are right decoding the whole token is outside of the scope.

However, knowing if the refresh token is expiring (shortly) seems plausible. Knowing the expiration time is required for promptly renewal. As the library already decodes the tokens, exposing the expiration time seems like better solution, then asking users to bring their own JWT decoder.

[DoctorMcKay]

I don't have any way of saying with 100% confidence that Valve is always going to use JWTs. I don't want to expose any API that operates off of assumptions. Yes, the module decodes and inspects JWT data internally, but that's mostly just to provide value-adds in the form of keeping people from passing the wrong kinds of tokens and getting confused when things don't work.