This endpoint creates an access token from a user's login credentials.
The access token authenticates the user to other endpoints. It has a
finite lifespan, after which it must be either refreshed or re-created.

The access token is included in the response body as a JSON object.
As a bearer token, it can be utilized for user authentication in other
endpoints by including it in the Authorization header of subsequent
requests.

Additionally, if the user account is safeguarded by multi-factor
authentication, the endpoint responds with a 401 Unauthorized status
and provides a challenge field in the response body. This challenge
field contains a unique identifier. To proceed, the client must fulfill
the challenge by sending a request to the /token/challenge endpoint.

Access and refresh tokens should be treated as sensitive data and should
be stored securely.
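
A client-side sketch of the flow described above, added here as an example and not taken from this API's own code or SDK. It assumes success is signalled by status 200 and that the token's JSON key is access_token (the page names neither); the function names and the file-based storage are hypothetical.

```python
import json
import os
from dataclasses import dataclass
from typing import Optional

# Assumption: the page says the token arrives in a JSON object but does not
# name the key. "challenge" is the field name the page itself gives.
TOKEN_FIELD = "access_token"


@dataclass(frozen=True, repr=False)
class TokenResult:
    state: str  # "authenticated", "mfa_required" or "rejected"
    access_token: Optional[str] = None
    challenge_id: Optional[str] = None

    def __repr__(self) -> str:  # keep the token out of logs and tracebacks
        return f"TokenResult(state={self.state!r})"


def interpret_token_response(status: int, body: bytes) -> TokenResult:
    """Classify a token endpoint response without trusting its shape."""
    try:
        data = json.loads(body or b"{}")
    except ValueError:
        data = {}
    data = data if isinstance(data, dict) else {}
    token, challenge = data.get(TOKEN_FIELD), data.get("challenge")
    if status == 200 and isinstance(token, str) and token:
        return TokenResult("authenticated", access_token=token)
    # A 401 that carries a challenge is not a failed login: MFA is pending
    # and the identifier must be sent to /token/challenge.
    if status == 401 and isinstance(challenge, str) and challenge:
        return TokenResult("mfa_required", challenge_id=challenge)
    return TokenResult("rejected")


def bearer_header(token: str) -> dict:
    """Build the Authorization header, refusing tokens with line breaks."""
    if "\r" in token or "\n" in token:
        raise ValueError("token contains line breaks")
    return {"Authorization": f"Bearer {token}"}


def store_token(path: str, token: str) -> None:
    """Persist the token readable only by the owning user (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.chmod(path, 0o600)  # tighten a pre-existing file before writing
    with os.fdopen(fd, "w") as fh:
        fh.write(token)
```

On a multi-user host an OS keyring or secrets manager is a stronger choice than a file; the 0600 file is the minimum that keeps the token away from other local accounts.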