The alternative header is REDIRECT_HTTP_AUTHORIZATION used by some servers. I didn’t in my code ensure that the bearer token is being returned and should… just that the header existed. May ask for another check after some changes