Authentication

All requests require authentication, through OAuth-compliant headers:

curl --header "Authorization: Bearer <token>" https://orchestrator.example.com/

The authentication token payload must at least have a sub entry and an iss entry. It may contain additional entries.