diff cmd/tokenserver/main.go @ 134:0c56c56a1c44 remove-jwt

Removed the JWT layer from the session management.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Fri, 29 Jun 2018 17:17:20 +0200
parents 441a8ee637c5
children 3349bfc2a047
--- a/cmd/tokenserver/main.go	Thu Jun 28 17:26:38 2018 +0200
+++ b/cmd/tokenserver/main.go	Fri Jun 29 17:17:20 2018 +0200
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"encoding/json"
 	"flag"
 	"fmt"
 	"log"
@@ -11,14 +12,14 @@
 )
 
 func sysAdmin(rw http.ResponseWriter, req *http.Request) {
-	claims, _ := auth.GetClaims(req)
+	session, _ := auth.GetSession(req)
 	rw.Header().Set("Content-Type", "text/plain")
-	fmt.Fprintf(rw, "%s is a sys_admin\n", claims.User)
+	fmt.Fprintf(rw, "%s is a sys_admin\n", session.User)
 }
 
 func renew(rw http.ResponseWriter, req *http.Request) {
 	token, _ := auth.GetToken(req)
-	newToken, err := auth.ConnPool.Replace(token, auth.GenerateToken)
+	newToken, err := auth.ConnPool.Renew(token)
 	switch {
 	case err == auth.ErrNoSuchToken:
 		http.NotFound(rw, req)
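Review bot: The second return value of `auth.GetSession(req)` is discarded in `sysAdmin`, and `session.User` is then read unconditionally; the next hunk adds the same pattern to `renew`. This is safe only while every route to these handlers passes through `auth.SessionMiddleware`. If `GetSession` returns a pointer (its signature is not visible here), a handler mounted without the middleware would panic on a nil session. Checking the value and answering `http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)` when no session is present keeps each handler safe on its own. The body of `renew` continues outside this hunk.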
@@ -27,8 +28,25 @@
 		http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError)
 		return
 	}
+
+	session, _ := auth.GetSession(req)
+
+	var result = struct {
+		Token   string   `json:"token"`
+		Expires int64    `json:"expires"`
+		User    string   `json:"user"`
+		Roles   []string `json:"roles"`
+	}{
+		Token:   newToken,
+		Expires: session.ExpiresAt,
+		User:    session.User,
+		Roles:   session.Roles,
+	}
+
 	rw.Header().Set("Content-Type", "text/plain")
-	fmt.Fprintf(rw, "%s\n", newToken)
+	if err := json.NewEncoder(rw).Encode(&result); err != nil {
+		log.Printf("error: %v\n", err)
+	}
 }
 
 func logout(rw http.ResponseWriter, req *http.Request) {
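Review bot: The renew response is now JSON but is still sent as `text/plain` on the line just before the `json.NewEncoder` call, while the `token` handler in the next hunk uses `application/json`; the header should be `rw.Header().Set("Content-Type", "application/json")`. The `session` that supplies `Expires` is read from the request after `auth.ConnPool.Renew(token)` has run. If that is the session the middleware attached before renewal (not visible here), the client receives the new token with the old expiry, so confirm that `Renew` updates it or have `Renew` return the renewed session. The anonymous result struct is repeated in `token`; one named type would keep the two responses in step. The start of `renew` is outside this hunk.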
@@ -46,15 +64,29 @@
 	user := req.FormValue("user")
 	password := req.FormValue("password")
 
-	token, err := auth.GenerateToken(user, password)
+	token, session, err := auth.GenerateSession(user, password)
 
 	if err != nil {
 		http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError)
 		return
 	}
 
-	rw.Header().Set("Content-Type", "text/plain")
-	fmt.Fprintf(rw, "%s\n", token)
+	var result = struct {
+		Token   string   `json:"token"`
+		Expires int64    `json:"expires"`
+		User    string   `json:"user"`
+		Roles   []string `json:"roles"`
+	}{
+		Token:   token,
+		Expires: session.ExpiresAt,
+		User:    session.User,
+		Roles:   session.Roles,
+	}
+
+	rw.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(rw).Encode(&result); err != nil {
+		log.Printf("error: %v\n", err)
+	}
 }
 
 func main() {
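Review bot: A failed `auth.GenerateSession(user, password)` is answered with status 500 and the raw error text, so a wrong password is reported as a server fault and whatever the backend returns is shown to an unauthenticated caller. Logging the detail server-side and replying with a generic `http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)` for credential failures avoids both; whether `auth` lets the caller tell bad credentials from a backend outage is not visible here. Because the body now carries the session token, the success path should also set `rw.Header().Set("Cache-Control", "no-store")`. The function begins outside this hunk.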
@@ -65,11 +97,11 @@
 	mux := http.NewServeMux()
 	mux.Handle("/", http.StripPrefix("/", http.FileServer(http.Dir(p))))
 	mux.HandleFunc("/api/token", token)
-	mux.Handle("/api/logout", auth.JWTMiddleware(http.HandlerFunc(token)))
-	mux.Handle("/api/renew", auth.JWTMiddleware(http.HandlerFunc(renew)))
+	mux.Handle("/api/logout", auth.SessionMiddleware(http.HandlerFunc(token)))
+	mux.Handle("/api/renew", auth.SessionMiddleware(http.HandlerFunc(renew)))
 	mux.Handle("/api/sys_admin",
-		auth.JWTMiddleware(
-			auth.ClaimsChecker(http.HandlerFunc(sysAdmin), auth.HasRole("sys_admin"))))
+		auth.SessionMiddleware(
+			auth.SessionChecker(http.HandlerFunc(sysAdmin), auth.HasRole("sys_admin"))))
 
 	addr := fmt.Sprintf("%s:%d", *host, *port)
 	log.Fatalln(http.ListenAndServe(addr, mux))
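Review bot: `/api/logout` is still registered with `http.HandlerFunc(token)`, so the `logout` handler declared earlier in the file is never reached from this mux and a request to the route runs the login handler instead. The switch to `auth.SessionMiddleware` carries the old wiring over unchanged, which presumably means a client cannot end its session through this endpoint. The line should read `mux.Handle("/api/logout", auth.SessionMiddleware(http.HandlerFunc(logout)))`. `main` starts outside this hunk.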