Authentication

We use a form of OAuth for authentication. A user can create a token by posting valid email and password to /oauth/token. The token is stored as a cookie named access_token on the api domain. Whenever we do api calls to authorized controllers this token is used to get the current user.