wp-graphql / wp-graphql-jwt-authentication

Authentication for WPGraphQL using JWT (JSON Web Tokens)

Empty array returned when requesting private posts as admin user

ohuu opened this issue

Logging in as an administrator user and requesting private posts returns an empty array.

Environment
Windows 10
Apache 2.4 (on localhost)
PHP 7
WP 5.5.1

Plugins installed and activated:
WP GraphQL
WP GraphiQL
WPGraphQL JWT Authentication

.htaccess

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /duet3d/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /duet3d/index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>

# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

# END WordPress

WP config variables

define( 'GRAPHQL_DEBUG', true );
define( 'GRAPHQL_JWT_AUTH_SECRET_KEY', '<secret_key>' );
define(' GRAPHQL_JWT_AUTH_CORS_ENABLE', false );

I have a single private post which appears using this query in the GraphiQL editor in WordPress:

query MyQuery {
  posts(where: {status: PRIVATE}) {
    nodes {
      title
    }
  }
}

Logging in as the administrator via the login mutation appears to work. I get a JWT auth token back which I add as an Authorization header to my request.

The query above, called from my front-end code written in Vue using Vue-Apollo, returns an empty array: no errors reported, just a 200 with an empty array. I can access the post if it is set to PUBLISHED, however.

Here are some screenshots of the request and response headers:
[Screenshots: request headers, request payload, response headers, response]

I'm using this as a test for GraphQL authentication. I was expecting to be able to retrieve private posts as the administrator; is this not the case?
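
A client-side check for the step described in the issue above (sending the JWT in an Authorization header), as an added example that is not part of the original issue or the plugin's code. It assumes the server reads the token from a `Bearer` scheme header and that the token carries `exp`/`nbf` claims; `inspectAuthHeader` and `makeSampleToken` are hypothetical names and the sample token is constructed.

```javascript
// Added diagnostic example; not code from the issue or from the plugin.
// Assumptions: the server expects "Authorization: Bearer <JWT>" and the token
// carries exp/nbf claims in seconds. The signature is NOT verified here.

function b64urlDecode(part) {
  return Buffer.from(part.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

// Returns a list of problems; an empty list means the header looks usable.
function inspectAuthHeader(headers, nowSeconds = Math.floor(Date.now() / 1000)) {
  // Header names are case-insensitive, so match however the client spelled it.
  const name = Object.keys(headers).find((k) => k.toLowerCase() === 'authorization');
  if (!name) return ['no Authorization header on the request'];

  const match = /^Bearer (\S+)$/.exec(String(headers[name]).trim());
  if (!match) return ['header value is not "Bearer <token>"'];

  const parts = match[1].split('.');
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    return ['token is not a three-part base64url JWT'];
  }

  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (err) {
    return ['token payload is not valid JSON'];
  }
  if (claims === null || typeof claims !== 'object') return ['token payload is not a JSON object'];

  const problems = [];
  if (typeof claims.exp !== 'number') problems.push('token has no numeric exp claim');
  else if (claims.exp <= nowSeconds) problems.push('token expired');
  if (typeof claims.nbf === 'number' && claims.nbf > nowSeconds) problems.push('token not valid yet (nbf)');
  return problems;
}

// Builds a constructed sample token with a fake signature, for demonstration only.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const sample = makeSampleToken({ iss: 'http://localhost/duet3d', nbf: 1000, exp: 2000 });
console.log(inspectAuthHeader({ authorization: `Bearer ${sample}` }, 1500)); // []
console.log(inspectAuthHeader({ authorization: sample }, 1500));
```

An empty result only means the client sent a well-formed, unexpired token. Whether the header reaches PHP behind Apache still has to be checked on the server.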