Checking if a password matches seems a lot easier than 1) generate a code 2) send an email with the code 3) have an endpoint that verifies the code 4) find the websocket connection associated with the code 5) send a websocket frame with the access token for the user to authenticate future requests.