The Client class is a wrapper to Application model. The main idea is to remove the responsibility of finding/ authenticating the client from the request classes, moving them to the controller. The Credentials class encapsulates the credentials decoding process
…fied. The code directly modifies the value of `request.env['HTTP_AUTHORIZATION']` with `gsub!`, leading to a weird case where your Authorization token can't be authenticated more than once (because the prefix "Bearer " is stripped off in the first call). This probably only affects the use case with Rack::Test.
…e_record.whitelist_attributes = true