django-oauth-toolkit

Return proper WWW-Authenticate Header

Open ZuSe opened this issue 3 years ago • 0 comments

Describe the bug

Hitting userinfo with an invalid token results in a 401 containing the www-authenticate header e.g.

'WWW-Authenticate': 'Bearer, error="invalid_token", error_description="The access token provided is expired, revoked,

The header should NOT contain any single value (only pairs = separated by comma)

Expected behavior

Receive a header which conforms to the standard

Version

  • [X] I have tested with the latest published release and it's still a problem.
  • [X] I have tested with the master branch and it's still a problem.

Additional context

https://openid.net/specs/openid-connect-standard-1_0-07.html 4.3. Check ID Error Response

ZuSe, Jul 26 '21 16:07
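A conformance check for the header shape reported above, as an added example that is not part of the original issue or of django-oauth-toolkit's code. It assumes a single challenge in the auth-param form (scheme, a space, then comma-separated key=value pairs, as in RFC 7235 and RFC 6750); the function names and both sample header values are constructed for illustration.

```python
import re

# Grammar pieces from RFC 7235: token, and auth-param = token "=" (token / quoted-string)
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_SCHEME = re.compile(rf"({_TOKEN})(?: +|$)")
_PARAM = re.compile(rf'\s*({_TOKEN})\s*=\s*(?:"((?:[^"\\]|\\.)*)"|({_TOKEN}))\s*')

# Constructed sample values (not captured from a real server).
MALFORMED = 'Bearer, error="invalid_token", error_description="expired, revoked, or malformed"'
CONFORMANT = 'Bearer error="invalid_token", error_description="expired, revoked, or malformed"'


def parse_challenge(value):
    """Return (scheme, params) for one challenge; raise ValueError if malformed."""
    m = _SCHEME.match(value)
    if not m:
        raise ValueError("auth-scheme must be followed by a space or end of value")
    scheme, pos, params = m.group(1), m.end(), {}
    while pos < len(value):
        p = _PARAM.match(value, pos)
        if not p:
            raise ValueError(f"expected key=value pair at offset {pos}")
        name, quoted, bare = p.group(1).lower(), p.group(2), p.group(3)
        if name in params:
            raise ValueError(f"duplicate parameter {name!r}")
        # Unescape quoted-pair sequences; commas inside quotes stay in the value.
        params[name] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
        pos = p.end()
        if pos < len(value):
            if value[pos] != ",":
                raise ValueError(f"expected ',' at offset {pos}")
            pos += 1
    return scheme, params


def is_conformant(value):
    """True when the value parses as scheme SP key=value[, key=value ...]."""
    try:
        parse_challenge(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(is_conformant(MALFORMED), is_conformant(CONFORMANT))
    print(parse_challenge(CONFORMANT))
```

A check like this can sit in a regression test against the 401 response of the userinfo endpoint, so the bare `Bearer,` form is caught before clients with strict header parsers see it.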