Currently, all apps use the same user account password.
- User enters e-mail + password in app
- App requests a token, doesn't store password
Apps / devices are listed in the WebUI, access can be revoked.
The revocation could also be done in-app, and re-requesting password.