We store the auth tokens as a sha256 hash with base64 encoding in the
SQLite database.

We can't really use a bcrypt style password hashing function because we
need to use it as a primary key in SQLite, but this is mostly just a
kind of defense in depth practice so using sha256 should be sufficient.