# Fixes and Improvements

* Refresh callback only handles user tokens, not service tokens.
* Add logging to provide a better debugging experience.
* When anything goes wrong in communicating with the OpenID provider, trigger a
  logout (at least) to prevent users ending up in an awkward or unrecoverable
  situation of being logged in but not able to log out because the app is
  broken due to the token being invalid.
* Split compatibility stuff out of Authkit2 class and into a separate compat
  class.

# Features

* Handling and documentation of app-to-app authentication on behalf of users.
* Handling and documentation of app-to-app authentication on behalf of apps.
  (Service Accounts)
* Example of service account usage.