Instead of sending a token with the application view (which is really
more of a session state view), fetch it separately using the tokenUrl
option of the Auth plugin. Account for the case where known personas
could change in the future without invalidating the current persona
and reset the Auth plugin whenever the persona in use changes. Use the
persona parameter to the token endpoint to get the appropriate token.