Solved.
I inserted some more options into the file that generates the final response on the server and it worked.
I followed the suggestion of link
it looks like you did not expose the header correctly, the browser
will not forward this header to your code unless you specify it server
side.
try adding this to you $ headers object
$response->headers->set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE');
$response->headers->set('Access-Control-Allow-Headers', 'Content-Type, X-Auth-Token, Origin, Authorization');
$response->headers->set('Access-Control-Expose-Headers', 'Authorization');
$response->headers->set('Authorization', 'Bearer ' . $newToken);
return $response;