it seems the server that not properly parse the Authorization header, add 'query_string_auth' => true solved my issue.