Problem
Token expiry/refresh is the most critical security component but has zero E2E test coverage. TOKEN_TTL_SECONDS is configurable, so we can use a short TTL for testing.
Acceptance Criteria
- Start backend with
TOKEN_TTL_SECONDS=10
- Upload video, start playback
- Wait for token to expire (>10s)
- Verify playback continues (token was refreshed) or fails gracefully with user-visible error
- Playwright test documented in
docs/guides/playwright-testing.md
Depends on: token refresh fix (issue above)
Problem
Token expiry/refresh is the most critical security component but has zero E2E test coverage.
TOKEN_TTL_SECONDSis configurable, so we can use a short TTL for testing.Acceptance Criteria
TOKEN_TTL_SECONDS=10docs/guides/playwright-testing.mdDepends on: token refresh fix (issue above)