The error being returned is an unauthorized error. The setAuthToken API integrates with the entitlement server. Is that how you're trying to use it? It will call SignInWithCredentials on your server. The authToken can be anything you want, but it should be able to identify a user, preferably after decrypting the authToken or something similar to protect identity.
I'll see if we can add an example in the documentation.