User account data (partially hidden emails) Authentication tokens (OAuth tokens, JWT tokens) Login links for internal systems (e.g., https://identity.vwgroup.io) Session cookies (JSESSIONID and others) identity and access information (scopes such as email, profile, vin, phone, etc.) Authentication and access control details (redirect_uri, state, nonce)