36a156bc52
* New conf value of max_token_life, existing token_life conf value is now just the default token life. * When a user requests a token, they can send an X-Auth-Token-Lifetime header with the number of seconds they'd like the token to be valid for. This will be capped to max_token_life. * Response to getting a token has new X-Auth-Token-Expires header that is the number of seconds the token is valid for.