chx/rest.resource.user_registration.yml

## gistfile1.txt
To register (admin needs to install rest module, add the registration resource attached, the right registration settings and the user permission 'restful post user_registration' granted to anonymous):

➜ curl -H "Content-type: application/json" -X POST 'http://localhost/docroot/user/register?_format=json' --data '{"name":{"value":"test name"},"mail":{"value":"chx1975@gmail.com"},"pass":{"value":"test pass"}}'
{"uid":[{"value":14048}],"uuid":[{"value":"6494d669-086a-451f-b7e5-573ffb4e1dfe"}],"langcode":[{"value":"hu"}],"name":[{"value":"test name"}],"created":[{"value":"2020-02-14T05:18:53+00:00","format":"Y-m-d\\TH:i:sP"}],"changed":[{"value":"2020-02-14T05:18:53+00:00","format":"Y-m-d\\TH:i:sP"}],"default_langcode":[{"value":true}],"synonyms":[]}%

To log in (unpatched core requires a user name here but I patched it so users can use their email as well):

➜ curl  -c cookie.txt --request POST 'http://localhost/docroot/user/login?_format=json' --data '{"name":"chx1975@gmail.com","pass":"test pass"}'
{"current_user":{"uid":"14048","name":"test name"},"csrf_token":"AH8CpdwKyNdoTI89F3tUypGm470Qi9eQYYbeS-wK7is","logout_token":"NAH-F4C-yFPWJrex3cd14FpgMwv5TcH8tWFXLXDlTew"}%

To query a user, using "uid" from the previous reply, note the URL starts with "jsonapi/" and the Content-Type is "vnd.api+json" and the lack of "_format=json":
➜ curl -b cookie.txt -H "Content-Type: application/vnd.api+json" 'http://localhost/docroot/jsonapi/user/user?filter[uid]=14048'
{"jsonapi":{"version":"1.0","meta":{"links":{"self":{"href":"http:\/\/jsonapi.org\/format\/1.0\/"}}}},"data":[{"type":"user--user","id":"6494d669-086a-451f-b7e5-573ffb4e1dfe","attributes":{"drupal_internal__uid":14048,"langcode":"hu","preferred_langcode":"hu","preferred_admin_langcode":null,"name":"test name","mail":"chx1975@gmail.com","timezone":"America\/Los_Angeles","created":"2020-02-14T05:18:53+00:00","changed":"2020-02-14T05:18:53+00:00","default_langcode":true,"synonyms":null},"links":{"self":{"href":"http:\/\/localhost\\/docroot\/hu\/jsonapi\/user\/user\/6494d669-086a-451f-b7e5-573ffb4e1dfe"}}}],"links":{"self":{"href":"http:\/\/localhost\\/docroot\/jsonapi\/user\/user?filter%5Buid%5D=14048"}}}

To delete a user, we will use the self link from the previous answer, and the CSRF token from the login answer, that's necessary for every operation changing anything:
➜ curl -b cookie.txt -X DELETE -H 'X-CSRF-Token: AH8CpdwKyNdoTI89F3tUypGm470Qi9eQYYbeS-wK7is' -H "Content-type: application/vnd.api+json" http://localhost/docroot/jsonapi/user/user/6494d669-086a-451f-b7e5-573ffb4e1dfe

Now if we try to log in (the HTTP status will be accordingly not 200 as well):
➜ curl  -c cookie.txt --request POST 'http://localhost/docroot/user/login?_format=json' --data '{"name":"chx1975@gmail.com","pass":"test pass"}'
{"message":"Sorry, unrecognized username or password."}

We re-register:
➜ curl -H "Content-type: application/json" -X POST 'http://localhost/docroot/user/register?_format=json' --data '{"name":{"value":"test name"},"mail":{"value":"chx1975@gmail.com"},"pass":{"value":"test pass"}}'
{"uid":[{"value":14049}],"uuid":[{"value":"ec86701d-1249-40b4-bd47-41b5c40b674f"}],"langcode":[{"value":"hu"}],"name":[{"value":"test name"}],"created":[{"value":"2020-02-14T06:46:38+00:00","format":"Y-m-d\\TH:i:sP"}],"changed":[{"value":"2020-02-14T06:46:38+00:00","format":"Y-m-d\\TH:i:sP"}],"default_langcode":[{"value":true}],"synonyms":[]}

Note the uid changed.

We re-login:
➜ curl  -c cookie.txt --request POST 'http://localhost/docroot/user/login?_format=json' --data '{"name":"chx1975@gmail.com","pass":"test pass"}'
{"current_user":{"uid":"14049","name":"test name"},"csrf_token":"dDjOtnn2KfcwOGjpSePQUKjDiEx-MYMkc47-XoYqsQ8","logout_token":"georBFlW6ypYBDcwGKjCpjI1iH3gneiwEfam6ytp3vA"}

If we need to check whether we are still logged in:
➜ curl -b cookie.txt -H "Content-type: application/vnd.api+json" 'http://localhost/docroot/user/login_status?_format=json'
1

To send a password reminder email (this supports both the "mail" and "name" keys out of the box unlike login):
➜ curl -H "Content-type: application/json" -X POST 'http://localhost/docroot/user/password?_format=json' --data '{"mail":"chx1975@gmail.com"}'

## rest.resource.user_registration.yml
uuid: 76ff1bc9-1993-4ee5-9a4f-453c801ecb7f
langcode: en
status: true
dependencies:
  module:
    - serialization
    - user
id: user_registration
plugin_id: user_registration
granularity: resource
configuration:
  methods:
    - POST
  formats:
    - json
  authentication:
    - cookie
	To register (admin needs to install rest module, add the registration resource attached, the right registration settings and the user permission 'restful post user_registration' granted to anonymous):

	➜ curl -H "Content-type: application/json" -X POST 'http://localhost/docroot/user/register?_format=json' --data '{"name":{"value":"test name"},"mail":{"value":"chx1975@gmail.com"},"pass":{"value":"test pass"}}'
	{"uid":[{"value":14048}],"uuid":[{"value":"6494d669-086a-451f-b7e5-573ffb4e1dfe"}],"langcode":[{"value":"hu"}],"name":[{"value":"test name"}],"created":[{"value":"2020-02-14T05:18:53+00:00","format":"Y-m-d\\TH:i:sP"}],"changed":[{"value":"2020-02-14T05:18:53+00:00","format":"Y-m-d\\TH:i:sP"}],"default_langcode":[{"value":true}],"synonyms":[]}%

	To log in (unpatched core requires a user name here but I patched it so users can use their email as well):

	➜ curl -c cookie.txt --request POST 'http://localhost/docroot/user/login?_format=json' --data '{"name":"chx1975@gmail.com","pass":"test pass"}'
	{"current_user":{"uid":"14048","name":"test name"},"csrf_token":"AH8CpdwKyNdoTI89F3tUypGm470Qi9eQYYbeS-wK7is","logout_token":"NAH-F4C-yFPWJrex3cd14FpgMwv5TcH8tWFXLXDlTew"}%

	To query a user, using "uid" from the previous reply, note the URL starts with "jsonapi/" and the Content-Type is "vnd.api+json" and the lack of "_format=json":
	➜ curl -b cookie.txt -H "Content-Type: application/vnd.api+json" 'http://localhost/docroot/jsonapi/user/user?filter[uid]=14048'
	{"jsonapi":{"version":"1.0","meta":{"links":{"self":{"href":"http:\/\/jsonapi.org\/format\/1.0\/"}}}},"data":[{"type":"user--user","id":"6494d669-086a-451f-b7e5-573ffb4e1dfe","attributes":{"drupal_internal__uid":14048,"langcode":"hu","preferred_langcode":"hu","preferred_admin_langcode":null,"name":"test name","mail":"chx1975@gmail.com","timezone":"America\/Los_Angeles","created":"2020-02-14T05:18:53+00:00","changed":"2020-02-14T05:18:53+00:00","default_langcode":true,"synonyms":null},"links":{"self":{"href":"http:\/\/localhost\\/docroot\/hu\/jsonapi\/user\/user\/6494d669-086a-451f-b7e5-573ffb4e1dfe"}}}],"links":{"self":{"href":"http:\/\/localhost\\/docroot\/jsonapi\/user\/user?filter%5Buid%5D=14048"}}}

	To delete a user, we will use the self link from the previous answer, and the CSRF token from the login answer, that's necessary for every operation changing anything:
	➜ curl -b cookie.txt -X DELETE -H 'X-CSRF-Token: AH8CpdwKyNdoTI89F3tUypGm470Qi9eQYYbeS-wK7is' -H "Content-type: application/vnd.api+json" http://localhost/docroot/jsonapi/user/user/6494d669-086a-451f-b7e5-573ffb4e1dfe

	Now if we try to log in (the HTTP status will be accordingly not 200 as well):
	➜ curl -c cookie.txt --request POST 'http://localhost/docroot/user/login?_format=json' --data '{"name":"chx1975@gmail.com","pass":"test pass"}'
	{"message":"Sorry, unrecognized username or password."}

	We re-register:
	➜ curl -H "Content-type: application/json" -X POST 'http://localhost/docroot/user/register?_format=json' --data '{"name":{"value":"test name"},"mail":{"value":"chx1975@gmail.com"},"pass":{"value":"test pass"}}'
	{"uid":[{"value":14049}],"uuid":[{"value":"ec86701d-1249-40b4-bd47-41b5c40b674f"}],"langcode":[{"value":"hu"}],"name":[{"value":"test name"}],"created":[{"value":"2020-02-14T06:46:38+00:00","format":"Y-m-d\\TH:i:sP"}],"changed":[{"value":"2020-02-14T06:46:38+00:00","format":"Y-m-d\\TH:i:sP"}],"default_langcode":[{"value":true}],"synonyms":[]}

	Note the uid changed.

	We re-login:
	➜ curl -c cookie.txt --request POST 'http://localhost/docroot/user/login?_format=json' --data '{"name":"chx1975@gmail.com","pass":"test pass"}'
	{"current_user":{"uid":"14049","name":"test name"},"csrf_token":"dDjOtnn2KfcwOGjpSePQUKjDiEx-MYMkc47-XoYqsQ8","logout_token":"georBFlW6ypYBDcwGKjCpjI1iH3gneiwEfam6ytp3vA"}

	If we need to check whether we are still logged in:
	➜ curl -b cookie.txt -H "Content-type: application/vnd.api+json" 'http://localhost/docroot/user/login_status?_format=json'
	1

	To send a password reminder email (this supports both the "mail" and "name" keys out of the box unlike login):
	➜ curl -H "Content-type: application/json" -X POST 'http://localhost/docroot/user/password?_format=json' --data '{"mail":"chx1975@gmail.com"}'
	uuid: 76ff1bc9-1993-4ee5-9a4f-453c801ecb7f
	langcode: en
	status: true
	dependencies:
	module:
	- serialization
	- user
	id: user_registration
	plugin_id: user_registration
	granularity: resource
	configuration:
	methods:
	- POST
	formats:
	- json
	authentication:
	- cookie