Thanks, this appears to do the trick after all 
I’m now getting 401 unauthorized, even though the login credentials are correct for this email/pw combo, but I suppose I can troubleshoot that on my own.
Edit: my app’s passwords were hashed with PHP’s bcrypt…which apparently is not the same as node’s bcrypt, sigh. Fix here: Can't match Bcrypt hash generated in PHP using Node Bcrypt function when configuring custom DB - #7 by antoine.thierry