Added CRUD methods for Tokens.
Extend Auth Handler to check for the presence of a Bearer Authorization
header to authenticate against. If there is no header, or the token is not
valid, the Auth Handler falls back to looking for a Session.