This issue keeps track of things that have to do with security and taking into account worst case scenarios.
[x] Logging should not expose sensitive information
[ ] #14
[x] #12
[ ] Tokens from #11 should be encrypted using a key that might be derived in some way from user credentials (client provides a key which the server can use to decrypt the token for one-time use)
This issue keeps track of things that have to do with security and taking into account worst case scenarios.