OK, and this is bad because… what does the rule do with the new token when it re-auths? How would it propagate it to the next thing that needs to auth?

Yeah. It’s sounding like we’re embedding a singleton into rules, which isn’t particularly modelled… And we don’t want to invalidate a node for auth, because the things which depend on it don’t need to be invalidated when the auth token updates…