Security: don't allow external tokens to query Id Server API
Todo: separate tokens given for /_matrix/identity/v2/account/register and token stored by ToM authenticate() method, else anybody will be able to query API
Todo: separate tokens given for /_matrix/identity/v2/account/register and token stored by ToM authenticate() method, else anybody will be able to query API