Token Exchange

You play as a PyPI package maintainer who has adopted the new trusted publishing method using OpenID Connect. However, the short-lived identity tokens you receive to publish packages are being stolen by an unknown hacker. With your reputation and the security of PyPI at stake, you must delve into the world of cybersecurity and track down the hacker before it's too late.