Please note that you need to refresh the editor after logging in/out in order for the plugin to work properly (on Chrome at least)
Session:
Path: /auth/v1/token?grant_type=password
Headers: apiKey
Body: { email, password }
Actions: Set access token cookie based on login response