UUID - client UUID
TOKEN - client token. The client raw password is hashed into a 256-bit long token using TLS Keying Material Exporter on current TLS session. While exporting, the label should be the client UUID and the context should be the raw password.