auth_token = {'uid': '123', 'expires': 1324654308.907832}
The Auth Token also includes a randomly-generated salt for use in the calculation of the Token Secret. The token is signed using the signing secret Signing Secret and base64-ed. The signature is HMAC-SHA1:
auth_token, signature = HMAC-SHA1(auth_token, sig_secret)
'''The authorization token is not encrypted'''
(XXX: Need to confirm whether using the salt adds any real value here)
=== Metadata token (optional) ===