Details
- Type: Bug
- Status: Closed
- Priority: P1
- Resolution: Done
- None
- folio-testing, daisy
- CP: sprint 73
- 3
- Core: Platform
Description
Overview
It was discovered that when logging in with bogus credentials you get an appropriate error response, but also a valid token with the following permissions:
[ "auth.signtoken", "auth.signrefreshtoken", "users.collection.get", "users.item.put", "users.item.get", "configuration.entries.collection.get" ]
Reproducer
1. Login with bad credentials
$ curl https://folio-testing-okapi.aws.indexdata.com:443/authn/login -H 'Content-Type: application/json' -H 'X-Okapi-Tenant: diku' --data-binary '{"username":"foo","password":"bar"}' -v -w '\n'
*   Trying 52.72.80.49...
* Connected to folio-testing-okapi.aws.indexdata.com (52.72.80.49) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.aws.indexdata.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=*.aws.indexdata.com
* start date: Thu, 23 May 2019 00:00:00 GMT
* expire date: Tue, 23 Jun 2020 12:00:00 GMT
* issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* compression: NULL
* ALPN, server accepted to use http/1.1
> POST /authn/login HTTP/1.1
> Host: folio-testing-okapi.aws.indexdata.com
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/json
> X-Okapi-Tenant: diku
> Content-Length: 35
>
* upload completely sent off: 35 out of 35 bytes
< HTTP/1.1 422 Unprocessable Entity
< Date: Tue, 24 Sep 2019 18:54:15 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Okapi-Trace: POST mod-authtoken-2.3.0-SNAPSHOT.55 http://10.36.1.89:9132/authn/login : 202 2984us
< x-forwarded-for: 140.234.253.9
< x-forwarded-proto: https
< x-forwarded-port: 443
< host: folio-testing-okapi.aws.indexdata.com
< x-amzn-trace-id: Root=1-5d8a6657-3ecd6a4e80aa647813c1ebda
< user-agent: curl/7.47.0
< accept: */*
< x-okapi-tenant: diku
< x-okapi-request-id: 618738/authn
< x-okapi-url: http://10.36.1.89:9130
< x-okapi-request-ip: 10.36.1.246
< x-okapi-request-timestamp: 1569351255862
< x-okapi-request-method: POST
< x-okapi-permissions: []
< x-okapi-token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJVTkRFRklORURfVVNFUl9fMTAuMzYuMS44OTo0ODgyOF9fMjAxOS0wOS0yNFQxODo1NDoxNS44NjQrMDAwMCIsIm1vZHVsZSI6Im1vZC1sb2dpbi02LjEuMC1TTkFQU0hPVC42NSIsImV4dHJhX3Blcm1pc3Npb25zIjpbImF1dGguc2lnbnRva2VuIiwiYXV0aC5zaWducmVmcmVzaHRva2VuIiwidXNlcnMuY29sbGVjdGlvbi5nZXQiLCJ1c2Vycy5pdGVtLnB1dCIsInVzZXJzLml0ZW0uZ2V0IiwiY29uZmlndXJhdGlvbi5lbnRyaWVzLmNvbGxlY3Rpb24uZ2V0Il0sInJlcXVlc3RfaWQiOiI2MTg3MzhcL2F1dGhuIiwidGVuYW50IjoiZGlrdSJ9.cE-oO4uJzR05ArSqMMA_dR89HcNA0cgc72Ped7Mb-aQ
< x-okapi-match-path-pattern: /authn/login
< X-Okapi-Trace: POST mod-login-6.1.0-SNAPSHOT.65 http://10.36.1.89:9135/authn/login : 422 13785us
<
{ "errors" : [ { "message" : "Error verifying user existence: No user found by username foo", "type" : "error", "code" : "username.incorrect", "parameters" : [ { "key" : "username", "value" : "foo" } ] } ] }
* Connection #0 to host folio-testing-okapi.aws.indexdata.com left intact
2. Decode the token:
{
  "sub": "UNDEFINED_USER__10.36.1.89:48828__2019-09-24T18:54:15.864+0000",
  "module": "mod-login-6.1.0-SNAPSHOT.65",
  "extra_permissions": [
    "auth.signtoken",
    "auth.signrefreshtoken",
    "users.collection.get",
    "users.item.put",
    "users.item.get",
    "configuration.entries.collection.get"
  ],
  "request_id": "618738/authn",
  "tenant": "diku"
}
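The check below is an added example, not code from the FOLIO project or from this report. It takes the 422 response from the reproducer (status line and the two relevant headers, with the token copied verbatim from above), reports any Okapi token header that has no business being on a failed login, and decodes the JWT claims without verifying the signature, since the HMAC key is only available to mod-authtoken. The header names come from this issue and the related FOLIO-2286; the token-free control response is constructed, and for X-Okapi-Module-Tokens only the header's presence is reported because its value format is not shown on this page.

```python
"""Flag Okapi tokens issued on a failed /authn/login response (added example)."""
import base64
import json

# Token copied verbatim from the reproducer above.
LEAKED_TOKEN = (
    "eyJhbGciOiJIUzI1NiJ9."
    "eyJzdWIiOiJVTkRFRklORURfVVNFUl9fMTAuMzYuMS44OTo0ODgyOF9fMjAxOS0wOS0yNFQxODo1NDox"
    "NS44NjQrMDAwMCIsIm1vZHVsZSI6Im1vZC1sb2dpbi02LjEuMC1TTkFQU0hPVC42NSIsImV4dHJhX3Bl"
    "cm1pc3Npb25zIjpbImF1dGguc2lnbnRva2VuIiwiYXV0aC5zaWducmVmcmVzaHRva2VuIiwidXNlcnMu"
    "Y29sbGVjdGlvbi5nZXQiLCJ1c2Vycy5pdGVtLnB1dCIsInVzZXJzLml0ZW0uZ2V0IiwiY29uZmlndXJh"
    "dGlvbi5lbnRyaWVzLmNvbGxlY3Rpb24uZ2V0Il0sInJlcXVlc3RfaWQiOiI2MTg3MzhcL2F1dGhuIiwi"
    "dGVuYW50IjoiZGlrdSJ9."
    "cE-oO4uJzR05ArSqMMA_dR89HcNA0cgc72Ped7Mb-aQ"
)

# Status line and the headers that matter, from the reproducer above; the
# other headers and most of the body are omitted.
LOGIN_RESPONSE_422 = (
    "HTTP/1.1 422 Unprocessable Entity\r\n"
    "Content-Type: application/json\r\n"
    "x-okapi-permissions: []\r\n"
    f"x-okapi-token: {LEAKED_TOKEN}\r\n"
    "\r\n"
    '{ "errors" : [ { "message" : "No user found by username foo" } ] }'
)

# Constructed control case (not from the report): the same failed login with
# no token header at all, which is what a fixed login module should return.
LOGIN_RESPONSE_CLEAN = (
    "HTTP/1.1 422 Unprocessable Entity\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{ "errors" : [] }'
)

# Response headers that carry Okapi tokens (this issue and FOLIO-2286).
TOKEN_HEADERS = ("x-okapi-token", "x-okapi-module-tokens")


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def b64url_decode(segment):
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Return (header, claims, raw signature bytes) of a compact JWS.

    The signature is NOT checked: the aim is to read what the server signed,
    and the key is not available to the client.
    """
    header_b64, payload_b64, signature_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    return header, claims, b64url_decode(signature_b64)


def find_leaked_tokens(raw_response):
    """Return one finding per Okapi token header present on a non-2xx login response."""
    status, headers, _ = parse_response(raw_response)
    findings = []
    if 200 <= status < 300:
        return findings  # a token on a successful login is the normal case
    for name in TOKEN_HEADERS:
        if name not in headers:
            continue
        finding = {"header": name, "status": status}
        if name == "x-okapi-token":
            jwt_header, claims, signature = decode_jwt_unverified(headers[name])
            finding.update(
                alg=jwt_header.get("alg"),
                sub=claims.get("sub"),
                tenant=claims.get("tenant"),
                module=claims.get("module"),
                permissions=list(claims.get("extra_permissions", [])),
                signature_bytes=len(signature),
            )
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in find_leaked_tokens(LOGIN_RESPONSE_422):
        print(json.dumps(finding, indent=2))
```

Run against the response above it reports one finding: an HS256 token for an UNDEFINED_USER subject in tenant diku carrying the six extra_permissions listed in the overview; run against the control response it reports nothing. Pointing the same parser at a live instance only needs the raw response text of a deliberately failed login.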
Issue Links
- is blocked by
  - MODLOGIN-117 Update to RMB 25.0.2 (Closed)
  - MODUSERBL-79 Update to RMB 25.0.2 (Closed)
- relates to
  - FOLIO-2286 X-Okapi-Module-Tokens response header providing access to unauthenticated users (Closed)
  - MODLOGIN-119 change login API to return tokens in the body and not in private headers (Closed)
  - OKAPI-763 Prevent X-Okapi-Token being returned by a module (Closed)
  - RMB-478 RMB echoes all headers (Closed)
  - STCOR-391 Fix invalid x-okapi-token header error (Closed)