* The Login Server will support only BrowserID at first, but could support any authentication protocol in the future, as long as it can be done with a single call.
* All servers are time-synced
* The expires value for a token is a fixed value per application. For example it could be 30mn for Sync and 2 hours for bipostal.
== Flow ==