https://joaodecarvalho.com/en/blog/post/drf-custom-authentication-with-expiring-access-tokens/