- The user visits a site.
- The site displays a logged out view.
- The user decides to login to the site via *browser* UI, such as a login button in the chrome by the address bar.
- The user selects a token to user for the site.
- The browser refreshes the page and includes the public key as a header, for ex. `UserToken: abdce`
- The server gets the token and displays a logged in view.