Wouldn’t using opaque tokens have avoided the problem altogether?