Should not fire an error when username or token are missing

[ekryski]

I think this should also be left up to the user for how they want to handle this. For example, if I only want to use a token and my app doesn't require a username I shouldn't be forced to provide one. I realize that it is more secure to use username and token but IMO this library shouldn't enforce that.

Currently, I have to hack things and tack on req.body.username = true in order for things to work when I don't want to pass a username. Less is more :smile:.