Disable cookie auth on login token for RESTful 1.x

disable-cookie-for-login-token-example.module

/**
 * hook_ctools_plugin_pre_alter
 *
 * We need to not allow cookie-based authentication against the API so that
 * content editors may be logged into Drupal and the SPA simultaneously. We'll
 * unset the "cookie" authentication type from the provided authentication
 * plugins for access_token and refresh_token here.
 */
function my_api_ctools_plugin_pre_alter(&$plugin, &$info){
  if ($plugin['module'] == 'restful_token_auth') {
    if (!empty($plugin['resource']) && in_array($plugin['resource'], array('access_token', 'refresh_token'))) {
      if (!empty($plugin['authentication_types'])) {
        if(($key = array_search('cookie', $plugin['authentication_types'])) !== FALSE) {
          unset($plugin['authentication_types'][$key]);
        }

        // Add the token authentication type to allow users to access the
        // login-token resource with only an access token (so they can get
        // their refresh token).
        if (array_search('token', $plugin['authentication_types']) === FALSE) {
          array_push($plugin['authentication_types'], 'token');
        }
      }
    }
  }
}

Discussion RESTful-Drupal/restful#863

Important note: in 2.x you can use a subclass to modify behavior of the access token route: RESTful-Drupal/restful#863 (comment)