A couple of issues here -
1) LoginAsync (and Login) currently always check whether the client (user) is logged in and, if so, don't attempt to log in again. This check looks at the internal token representing the client session and not at the actual user credentials.
2) Client vs. user login - You're right that we do couple these and probably should not. We also assume that a failed login results in a LoginException, otherwise the login is considered successful. I'll open a feature request to see what we can do to break the linkage between the internal token used for a client session vs. the authentication logic of a user login.
For now, if you can't throw a LoginException, then you'll first need to call LogoutAsync when the user fails authentication prior to attempting another login.