Add query to get new access token

* If the user has an expired access token and valid refresh token
   - generate a new token and set in response + cookie
* If the user has a valid access token return the same and set in cookie