I’ll have to think about that. Perhaps I can get away with not tying the passport hash to a particular user.