/login/tokens = anon /** = user,forceLogout