Most users have been using oauth verification for their apps. But from what you have setup, it seems pretty quick and easy.
Something you could do is to set a serves which checks the localstorage value. So every minute/ 5mins/ or what every time interval you want, the service checks to see if that value still is true
I actually needed something like that for a few apps I’m working on. I spent quite some time investigating this and was able to achieve something that worked for me.
I’m pretty happy with the result, in addition to email/password authentication I’ve added some social authentication which works in the same way.
open url on client side with the provider’s (facebook/twitter/instagram) url for login
the user logs in and is redirected to the server’s callback url (my server is written in nodejs)
once I’ve got the access token from the provider. I save this token and then create a token for the client to reuse every time the user wants to access a protected ressource.