I think we should expire the token after some time to shorten the security risk window?
I think we should expire the token after some time to shorten the security risk window?