I would like to add, that the correct call for me (at least one that provided results after the hack/fix) was:
const data = JSON.stringify( {
identifier,
password
} );
const res = await fetch( `${API_URL}/api/auth/local/`, {
headers: {
'Content-Type': 'application/json'
},
method: 'POST',
body: data
} );
And this issue apparently has to do with the upgrade from v8 to v9 for the jsonwebtoken package. There’s a migration guide that explains that they are now validating options.