implement custom clientstore add new Password page if password is set force entering password to successfully receive the token add a new unsafe api call for init call only
modify api where necessary
