Refactor jwt auth into authenticate_bearer_token() method on Client The json web token authentication was buried inside determine user. Refactored to put this authenticate_bearer_token method so it can (hopefully) be overriden by an instance.