Help with authorization problem

Running 79.3 in 2 houses. From what I can tell the installations should be identical. I have an application that wants to access the HA servers. I created a long term token in each server. In house A the application there has no problem accessing. It uses the REST interface (actually the old haremote code that I copied locally) to get baseline info and then opens a websocket stream for events. All is good. In house B, a separate instance of the app accesses the baseline info with no problem (i.e., it downloads all the entities etc.). However, when it opens a websocket stream using the correct token I get an invalid password or token message back. Clearly the token is correct since it works for the initial download but I cannot get the websocket to validate. The application code is the same. In fact, if I reach across a VPN that I run between the houses and run the app in house A to access the HA server in house B I see the same result - the REST info is fine but the websocket fails. So it would seem that there is something about the code/server instance of HA in home B that is failing. However, I am at wits end trying figure out how to diagnose it since both HA servers are running in virtual environments on RPis running Raspbian. The only difference there is that the house A Pi is a slightly newer version of Debian than the house B Pi (but both are Stretch versions). Can anyone suggest a direction I can go to diagnose this further?

Well I continued to bang on this looking at every message in the websock streams and found the problem but it makes no sense to me. HA sends an “auth_requires” message and my code had been responding with an “api_password” response. I changed this to an “access_token” response which now appears to be required and everything works. What makes no sense to me is that the HA server in house A was fine getting the api_password response and sent back an auth_ok message whereas the HA server in house B sent back the invalid. Both should fail (or both should work) but having different results doesn’t make a lot of sense and suggests there might be some code weirdness in the server than someone might want to look at. In any case, with the correct response they now both seem ok.