Extension for Devise that adds authentication-token support for API clients. Used in the Prevent Account Sharing talk to authenticate the iOS mobile application, while the browser continued to rely on a custom login-session UUID.