Vary cache on token-based authentication

[Ben Tesch]

I'm hoping to find a solution to what this issue (https://github.com/encode/django-rest-framework/issues/5225) was brought up about. I can add vary_on_cookie decorator for web-based requests, but in a purely API or mobile app scenario, I would like to add a token to the authorization header and have the response be cached just for that user... otherwise obviously it would return the results in the cache, which could be someone else's data. Is a vary cache using TokenAuthentication possible?