present: client is issuing own tokens with long lifetimes; should be auth-server doing this cryptographic challenge
----
resource server has auth server
----
nginx auth server plugin via http
----
(realm=area=bereich)
----
401 -> access token -> deliver content
----
???pop-endpoint...
----
nonce-parameter
----