Auth Token set/update support #12
Description
With !4 merged, support for auth tokens has landed. However, only parsing/verifying is supported, not setting or updating tokens. This is less trivial because while we can automatically set cookies, for tokens inside the header the client needs to actively do something with the new token. Possibly we just let the implementing server handle returning the tokens for non-cookie sources.