JWT & CORS to use IHP as an app backend

For mobile apps that need more than DataSync, or Thin, IHP should support jwt authentication and also CORS. It'd be great if this would include getting "currentUser" and session data from the JWT instead of a cookie.