registrations_controller.rb

class Api::RegistrationsController < Api::BaseController
  
  respond_to :json
  def create

    user = User.new(params[:user])
    if user.save
      render :json=> user.as_json(:auth_token=>user.authentication_token, :email=>user.email), :status=>201
      return
    else
      warden.custom_failure!
      render :json=> user.errors, :status=>422
    end
  end
end

sessions_controller.rb

class Api::SessionsController < Api::BaseController
  before_filter :authenticate_user!, :except => [:create]
  before_filter :ensure_params_exist
  respond_to :json

  def create
    resource = User.find_for_database_authentication(:email => params[:user_login][:email])
    return invalid_login_attempt unless resource

    if resource.valid_password?(params[:user_login][:password])
      sign_in(:user, resource)
      resource.ensure_authentication_token!
      render :json=> {:success=>true, :auth_token=>resource.authentication_token, :email=>resource.email}
      return
    end
    invalid_login_attempt
  end
  
  def destroy
    current_user.reset_authentication_token
    render :json=> {:success=>true}
  end

  protected
  def ensure_params_exist
    return unless params[:user_login].blank?
    render :json=>{:success=>false, :message=>"missing user_login parameter"}, :status=>422
  end

  def invalid_login_attempt
    render :json=> {:success=>false, :message=>"Error with your login or password"}, :status=>401
  end
end

Slight modification so you can't accidentally/maliciously log other people out

For registration_controller#create, the json response never seem to have the auth_token key in it. Do I need any special settings for "authentication_token". Right now, after registration the user has to login once to get the correct state.

I made some changes to your version.