Validate token scopes and its expiration time presence

[vittorius]

• Validate that the auth token provided hasuser and gist scopes only
• Validate that the auth token has an expiration time set (a token without an expiration time is considered invalid)