Stuff to talk about:
- Config.ts file and how it relates to OIDC and api-tokens.
- storage of the api-token in local-storage.
- how session expiry currently works, possibilities for improvement
- seamless api-token refresh.
- HSTS
- click-jacking and iframe protection.
- CORS and CSP
- XSS - xss.md