Extend Theseus auth subsystem to fetch complete user profiles

[AlexTMjugador]

Overview

This PR substantially tweaks the Minecraft authentication subsystem to have a much more complete representation of player profiles, including their skins, capes, and whether the available profile data has been hydrated with online profile data (i.e., fetched from the Mojang API) or not (i.e., retrieved from the local state database, and is thus "offline").

An online profile cache is also introduced, which helps achieving a better performance and information freshness tradeoff. Successful entries in this cache are invalidated after a minute has passed, which I've experimentally found to align with the behavior of the vanilla launcher, the apparent intention of profile data to be short-lived judging from HTTP cache control headers, and rate limits in the Mojang API. Error responses to profile queries due to authentication errors are also cached, as I've confirmed that repeated profile requests with bad auth tokens can very quickly lead to rate limits on Mojang's part (i.e., HTTP 429 errors).

Moreover, access tokens are now refreshed if needed whenever credentials are read from the state database, not only when launching an instance, which has the side effect of fixing some edge cases where the app could display visibly stale profile data. I've also updated the related parts of both frontend and backend code to accommodate these changes in player profile information representation.

Overall, users should not notice any changes to how the launcher works after this PR. In my view, its purpose comes from it being the key for unlocking the development of features related to player profile data 🙂

Testing

I've manually tested this PR by performing several combinations of logging in, logging out, relaunching the app, relaunching the app after access token expiration, and launching instances. I found no new issues after my tests with the PR in its current state.

[Copilot]

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (6)

packages/app-lib/src/state/legacy_converter.rs:126

• [nitpick] Ensure that the default values provided via MinecraftProfile::default() cover all required fields; if additional fields need to be migrated from legacy_credentials, consider mapping them explicitly.

offline_profile: MinecraftProfile {

packages/app-lib/src/launcher/args.rs:231

• Confirm that 'profile.name' is always available at this call site, especially in scenarios where the profile may not be fully hydrated; consider adding fallback logic if necessary.

&profile.name,

packages/app-lib/src/api/minecraft_auth.rs:27

• Ensure that retrieving the user ID from 'offline_profile.id' aligns correctly with the rest of the authentication flow and that the offline profile is reliably populated.

Ok(user.map(|user| user.offline_profile.id))

packages/app-lib/src/api/logs.rs:54

• Verify that using 'credentials.offline_profile.name' for log censorship correctly identifies the Minecraft username across all cases; ensure that the offline profile is sufficiently up-to-date to avoid mismatches.

&credentials.offline_profile.name,

apps/app-playground/src/main.rs:33

• Ensure that 'maybe_online_profile()' returns a valid profile with a non-empty name to prevent potential runtime errors when printing the logged-in user.

credentials.maybe_online_profile().await.name

apps/app-frontend/src/components/ui/AccountsCard.vue:36

• Double-check that all account references using 'profile.id' and 'profile.name' are consistently available across the component to ensure reliable behavior in both display and log out actions.

<Button v-tooltip="'Log out'" icon-only color="raised" @click="logout(selectedAccount.profile.id)">