I have been testing the component using Postman to learn and see the results.
As yet I don't understand the login process using the users plugin :
https://github.com/techjoomla/com_api-plugins/blob/master/users/users/login.php
With this plugin you can pass a username and key (without the user's password) and it returns a new token.
index.php?option=com_api&format=raw&app=users&resource=login&key=<key>&username=<myusername>
How do you include the user's password as a param?
On this topic I think there is a least one bug in login.php on line 73
'userid' => $user->id,
should be ?
'userid' => $id,
Otherwise it create a new key for the original key owner not the user associated with the username you have passed?