Could use some help understanding Luke

I’m completely lost on Luke. I enumerated the target and found a set of credentials that do not seem to work on any pages/services. I found hints online suggesting to use a curl statement with those credentials(slightly modified) to get a token? I can’t get that to work, and worse, I cannot figure out why it should work. These credentials do not work when inputting them manually, so why would they work with curl? Or why would a failed login attempt result in a good token? I’m completely confused.

Should the credentials work on a page I haven’t found yet?

Keep going, look into JWT Token-Based Authentication.