I just discovered that the token type returned from twitch is “bearer” notice the lower case. Then spring will compare this type against “Bearer” string but with insensitive. Therefore “bearer” is used in the “Authorization” header. But twitch doesn’t accept word “bearer” it has to be the camel case “Bearer”.