create separate API methods for tokens (short-lived) and personal access tokens (long-lived), include global antiforgery filter to mitigate XSRF when using cookie auth (ignored when using Jwt)

Oqtane.Client/Services/UserService.cs

@@ -84,5 +84,10 @@ namespace Oqtane.Services
         {
             return await GetStringAsync($"{Apiurl}/token");
         }
+
+        public async Task<string> GetPersonalAccessTokenAsync()
+        {
+            return await GetStringAsync($"{Apiurl}/personalaccesstoken");
+        }
     }
 }