Currently the database credentials are exposed in the bearer token. Though this solution is sufficient in deployments with HTTPS, it still relies on users being responsible client side. We should try to determine a solution to further mitigate the opportunity of user's credentials being compromised. Perhaps salting/hashing details in outbound token request and exposing only a salted/hashed version of credentials within the token.
Currently the database credentials are exposed in the bearer token. Though this solution is sufficient in deployments with HTTPS, it still relies on users being responsible client side. We should try to determine a solution to further mitigate the opportunity of user's credentials being compromised. Perhaps salting/hashing details in outbound token request and exposing only a salted/hashed version of credentials within the token.