frontend/app/OAuthCallbackComponent.jsx (1 line):
	- line 153: //FIXME: handle incoming error messages too


app/auth/Security.scala (1 line):
	- line 173: //FIXME: seems a bit rubbish to validate the token twice, once for login and once for admin