Clarify that per-request UIA for /login/get_token is an RFC 2119 MUST requirement.