* the client requests a token, giving its browser id assertion [1]
POST GET /1.0/sync/request_token HTTP/1.1
Host: token.services.mozilla.com
Content-Type: application/json
X-Authentication-MethodAuthorization: Browser-ID (optional header since Browser-ID is the default)<assertion>
{"assertion":XXX}
* the Login Server checks the browser id assertion [2] '''this step will be done locally without calling an external browserid server -- but this could potentially happen''' (we can use pyvep + use the BID.org certificate)
* the Login Server asks the Users DB if the user is already allocated to a node. [3]