I think its up to your client code to follow redirects with Auth header, i think it has to be done manually, the reason for the redirects is that the api path is different on core, ill try to do something on my side first, if that doesnt work for you you can use the new api URL