Replace cookie authentication with token authentication on login token for RESTful 2.x

replace-cookie-with-token-auth-for-login-token.patch

diff --git a/modules/restful_token_auth/src/Plugin/resource/AccessToken__1_0.php b/modules/restful_token_auth/src/Plugin/resource/AccessToken__1_0.php
index 7782658..9860c81 100644
--- a/modules/restful_token_auth/src/Plugin/resource/AccessToken__1_0.php
+++ b/modules/restful_token_auth/src/Plugin/resource/AccessToken__1_0.php
@@ -21,7 +21,7 @@ use Drupal\restful\Plugin\resource\DataProvider\DataProviderEntityInterface;
  *   label = "Access token authentication",
  *   description = "Export the access token authentication resource.",
  *   authenticationTypes = {
- *     "cookie",
+ *     "token",
  *     "basic_auth"
  *   },
  *   authenticationOptional = FALSE,

See also https://gist.github.com/josephdpurcell/f2744a7ac38957b1e04e.

The motivation for this change is twofold:
(a) login-token will use "cookie" auth, which with an SPA is not ideal since you have to have the same user logged into the API as the client consuming the API if they are on the same domain. So, let's remove cookie auth.
(b) login-token will not use "token" auth, so if you have a valid access token (say generated and sent via an email) you cannot get the expiry and refresh token unless you re-authenticate. So, let's allow token auth.

You can instead use a subclass to modify behavior of authentication https://github.com/RESTful-Drupal/restful/wiki/3.-Authentication#using-token-auth-module OR RESTful-Drupal/restful#863 (comment).