grape-doorkeeper
WWW-Authenticate - bad auth-scheme value "Bearer"
Hello,
I have just noticed that if there is an authentication error, the response includes the WWW-Authenticate header, like: WWW-authenticate OAuth realm='OAuth API', error='invalid_token'
According to the specification https://tools.ietf.org/html/rfc6750#page-7 it should use Bearer. It looks like OAuth is not a valid auth-scheme. Can someone confirm?
Some browsers seem to initiate Basic auth if the response contains OAuth (e.g. Safari Version 8.0.8 on OS X Yosemite version 10.10.5). It might be that OAuth is not recognized and the browser falls back to a default.
Best regards, Dan
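
A check for the header format discussed in this issue, as an added example that is not part of the original report or of grape-doorkeeper's code: it parses a WWW-Authenticate value and lists where it departs from the RFC 6750 Bearer challenge format. The function name, the constants and the compliant sample value are constructed for illustration.

```ruby
# Error codes defined in RFC 6750, section 3.1.
RFC6750_ERRORS = %w[invalid_request invalid_token insufficient_scope].freeze
# HTTP token characters and the double-quoted string form of an auth-param value.
TOKEN  = /\A[!\#\$%&'*+\-.^_`|~0-9A-Za-z]+\z/
QUOTED = /\A"(?:[^"\\]|\\.)*"\z/

# Returns a list of problems in a WWW-Authenticate header value.
# An empty list means the value is a well-formed Bearer challenge.
def bearer_challenge_problems(value)
  scheme, rest = value.to_s.strip.split(/\s+/, 2)
  problems = []
  unless scheme.to_s.casecmp?("Bearer")
    problems << "auth-scheme #{scheme.inspect} is not Bearer"
  end

  # Walk the comma-separated name=value pairs; a value is either a
  # double-quoted string or everything up to the next comma.
  rest.to_s.scan(/([^=,\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^,]*)/) do |name, raw|
    raw = raw.strip
    if raw.match?(QUOTED)
      val = raw[1..-2]
    elsif raw.match?(TOKEN)
      val = raw # single quotes are token characters, so they stay in the value
    else
      problems << "#{name} value #{raw} is neither a token nor a double-quoted string"
      next
    end
    if name == "error" && !RFC6750_ERRORS.include?(val)
      problems << "error code #{val.inspect} is not defined by RFC 6750"
    end
  end
  problems
end

# Header value reported in this issue, then a constructed compliant value.
reported  = "OAuth realm='OAuth API', error='invalid_token'"
compliant = 'Bearer realm="OAuth API", error="invalid_token"'

[reported, compliant].each do |header|
  problems = bearer_challenge_problems(header)
  puts "#{header}\n  #{problems.empty? ? 'ok' : problems.join("\n  ")}"
end
```

Run against the 401 responses in an API test suite, a check like this catches a wrong scheme or single-quoted parameters before clients see them.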