Change Middleware/Authentication from X-Session-Token to normal HTTP bearer auth AND JWT/OAUTH

Use a JWT token and a refresh token.

See: https://lcobucci-jwt.readthedocs.io/en/latest/configuration/