The problem is in the response header.

When you are using Apache server as a proxy server, you are passing the JWT token in response headers. The problem with proxy servers is that extra care needs to be done to ensure that the proxy server is forwarding all your response headers from the backend server to frontend.

Usually, the proxy server sends its own set of response headers and not the headers from backend server. If you are to send the access token in response body, you would notice that your issue is resolved