Now we use User object instead of 'Credentials'.
The token is not exposed anymore through the auth; TokenService needs to
be used to access it.
Domains are not exposed for the time being, as it can give a false sense
that checking domains in a web app is somehow accepted or even
recommended for security purposes; this is not the case.
Implements #3 (closed)