I somehow got into a bad state, where I had a token cached but no user signed up.

The WebUI would not allow me to enter the sign-up view... from the Landing Page attempting to navigate to /register would call /api/refresh_token, fail with a 401, and bounce me back to the Landing Page.

There is a list of views that are not protected by auth, but this list seem incomplete: https://github.com/nds-org/ndslabs/blob/699c4b6a1902a210500d86636b8b8bde916341f5/gui/app/app.js#L509-L513

This ticket is complete when app/signUp/signUp.html and app/api/swagger.html are also included in this list.