I'm using an API which, for certain large queries, returns a 307 status code and redirects me to a signed AWS S3 URL. I'm querying it with Java's inbuilt HttpClient (java.http.HttpClient), and the authorization is done with an Authorization header which contains a token I got on a previous call.

But if I set the HttpClient to follow redirects, using this call on the Builder

.followRedirects(Redirect.NORMAL)

then the call to the S3 pre-signed URL fails with this message:

Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified

How can I get the HttpClient to drop the Authorization header when following a redirect? Apparently this is curl's behaviour, so it seems like I should be able to make HttpClient do it