Implement support for bearer token authorization on the same level as cookies

This feature should include permissions setting and refreshing. 
Full authorization support for redirecting and methods for logging in.