jwt token in response body
POST requests to /auth/login has previously responded with only a response cookie containing the jwt token. Older versions of firefox ignores this cookie completely. This merge requests also adds the same jwt token as the response body.
This merge request also includes an unrelated change: calls to /user now returns the entire decoded jwt token, not just the username.