@machadoug - I have given up on using the Auth Token based app extension, as I had too many problems to get it working.
Instead, I changed my code to use JWT with Passport and local Mongoose strategy for authentication. The latter (local Mongoose strategy) is of course only relevant for you, if you use Mongoose at your backend.