* move token checker to security package * update tests with new security package * add oauth token checking to security package * check if user email confirmed when parsing token