Document (non-oauth) authentication API error signalling?

[DavidBuchanan314]

Based on reading the client api source, it seems like expired tokens are expected to be rejected with an HTTP 400 response, containing "ExpiredToken" in the body. I don't think this is currently documented anywhere.

atproto/packages/api/src/atp-agent.ts

Lines 225 to 229 in f70d159

	const isExpiredToken = await isErrorResponse(
	initialRes,
	[400],
	['ExpiredToken'],
	)

Edit: I think the expected response needs to look like this, specifically:

{
    "error": "ExpiredToken",
    "message": "*",
}

[DavidBuchanan314]

I'm going to have to emulate this API response format in millipds, if I want bsky.app to do session refresh properly.