Major Description
By extending the ability to acquire a JWT token provided via query param as well as a bearer token, the JWTProvider will open up an opportunity for clients that are unable to set a HTTP header for the request.
These client scenarios will need to be carefully considered and this feature carefully documented to make sure that replay attacks aren't a problem by making the token available to adversaries or persisted in the clear.