ledgerconnect/steemconnect

Access token is malformed

Closed this issue · 1 comments

Expected behavior

The access token returned by Steemconnect should be a valid JWT token, as it was previously.

Actual behavior

Right now it is malformed, so it can't be validated (for example, to check if it has already expired to handle user sessions). It does not contain a header part, and sometimes it ends with a dot (one or more) and sometimes not (different results on two different apps with the same account, and different results on a single app with different accounts).

Steps to reproduce the behavior

Just log in using the new steemconnect, get an access token, and try to validate it using jwt.io or the jsonwebtoken package.

@bgornicki We've changed the way access_tokens are generated; they are not using JWT anymore, they are in base64url format. The token is simply an object in base64u that includes an operation and a Steem signature for it. Previously only the SC server could validate a token using the JWT secret; now with this new token anyone can validate them on their side by checking the signature contained in the token.
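
A sketch of how a client could tell the two token shapes apart and read the new one. It is an added example, not SteemConnect code and not part of the issue thread. It assumes the trailing dots reported above are padding standing in for `=`; the field names and sample tokens are constructed, and the Steem signature is only decoded, not verified.

```javascript
// Added example, not SteemConnect code. Assumption: a trailing "." is padding
// that stands in for "=" in the base64url text; field names are hypothetical.

// Build a constructed sample token (base64url JSON, "." as padding).
function makeSampleToken(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '.');
}

// Decode a token without verifying it. Returns { format, payload, padding }.
function decodeAccessToken(token) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new TypeError('token must be a non-empty string');
  }
  const body = token.replace(/[.=]+$/, '');      // drop either padding style
  const padding = token.length - body.length;
  if (body.includes('.')) {
    // Interior dots mean dot-separated segments, as in a JWT: not this format.
    return { format: 'dot-separated', payload: null, padding };
  }
  if (!/^[A-Za-z0-9_-]+$/.test(body) || body.length % 4 === 1) {
    throw new Error('not valid base64url');
  }
  // Convert to standard base64 and restore "=" padding before decoding.
  const b64 = body.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const text = Buffer.from(padded, 'base64').toString('utf8');
  let payload;
  try { payload = JSON.parse(text); } catch (e) {
    throw new Error('decoded bytes are not JSON');
  }
  if (payload === null || typeof payload !== 'object') {
    throw new Error('decoded JSON is not an object');
  }
  // Decoding proves nothing: the signature inside must still be checked.
  return { format: 'base64url-json', payload, padding };
}

// Constructed samples: account names of three lengths give 0, 1 or 2 dots.
for (const account of ['alice', 'alice1', 'alice12']) {
  const token = makeSampleToken({ operation: 'login', account, signature: 'PLACEHOLDER' });
  const { format, payload, padding } = decodeAccessToken(token);
  console.log(account, format, padding, payload.operation);
}
```

Under that padding assumption, the number of trailing dots depends only on the byte length of the encoded object, which would explain why it differs between accounts and apps.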