Use dojo/request.post to validate a username and password. In this case, a valid password is the reverse of the username. After, the Auth-Token is then retrieved from the promise.response.