I've seen a lot of articles that cover using
The way we do it here with Asp.Net, is our auth layer looks for either a cookie or an Authorization header. It pulls the token from either location. This article might be helpful:
This takes some custom code, but its not too difficult really. Make your own AuthenticationHandler.
That excellent article will guide you through every step of the process.