- add a dedicated "edit passport" flow -- instead of logging in, you jump straight to editing and re-logging-in
- improved story about how the ui behaves when tokens expire
- users (not devs) can choose how long to authorize an app (1-hour, 24-hours, 7-days)