REST API Script endpoint requires active session and does not regard Token sent in Header

Hello,

We are currently implementing OAuth2 authentication, specifically so a third party app can communicate with the REST API. The configuration in Designer is essentially done and works when contacting the API endpoints /entity/ and /assignment/.

However, it seems like the /script/ endpoint requires an active session, since it does not seem to accept the token for authentication ("401-Unauthorized"). Is this a known issue or could it be a configuration on our AppServer? I have tried to find a suitable configuration option, but have been unsuccessful so far.