The x-auth-token is a header field used by a server to send
an access token to the client (e.g. a browser).
This step requires that the client has supplied its credentials
(username/password) beforehands.
The x-auth-token header filed is a non-standard field
(hence the x- prefix).