Another thing ..
If the option Enable authentication via JSON Web Tokens is checked in the admin panel of the Write API, the request to /v1/users/:uid/tokens with password in the content body never gets hit, so it's not possible to choose between the two.
So eitheruncheck authentication via JSON Web Tokens and use password based request for tokens or .. configure JSON Web Token Secret to request tokens and forget about password based generation.
It doesn't say anything about it in the API's documentation
Creates a new user token for the passed in uid
Accepts: No parameters normally, will accept password in lieu of Bearer token
Can be called with an active token for that user
This is the only route that will allow you to pass in password in the request body. Generate a new token and then use
the token in subsequent calls.