Comment 2 for bug 1012326

This could be easily solved just returning a 401 error whenever a validate token call is done or invalidating the validation token, however I don't really like any of that solutions, since a 404 error is the right error for a resource that doesn't exist and discarding a token after a "real" 404 might cause 'auth_token' getting new tokens much more frequently than really needs. Any thought??