implement custom clientstore add new Password page if password is set force entering password to successfully receive the token add a new unsafe api call for init call only
generate new token on every new page load
modify api where necessary
