Some of the info here is pretty outdated, personally I would recommend using JWT authentication with this library, the token auth is neglected and not tested.