71b2c05906
The server requires "token" but the client was sending "t", breaking EmailTokenVerifier implementations. Explicitly disallow null in the javadoc for EmailTokenVerifier, and check for null encode/decode call sites. This would have at least returned a 422 instead of 500 in the case we're seeing in our backends. Change-Id: Ibcda9f63fc55ab1f8f32a400c2c83780a8541ccd