If token authentication fails should set WWW-Authenticate header
When the authentication to get a resource fails (so only when checking the Authorization header), RFC 6750 says that a WWW-Authenticate header must be set in the response. This library doesn't do this. Is it a wanted behaviour or a forgotten functionality to implement? Because I have seen some closed issues related to versions 1.x and 2.x, but then no one talked about it and it has not been implemented yet. Thank you all, you are doing great work anyway.
Errors
Properties related to oauth protocol flow
code, status, statusCode. The associated status code of the response.
name. Intended to be used as the error parameter as described by RFC 6749 in Section 4.1.2.1, Section 4.2.2.1 and Section 5.2, as well as Section 3.1 of RFC 6750.
message. Intended to be used as the error_description parameter as described by RFC 6749 in Section 4.1.2.1, Section 4.2.2.1 and Section 5.2, as well as Section 3.1 of RFC 6750.
The instances of the errors described below are referred to as e inside each section
InvalidRequestError
Section 4.2.2.1 of RFC 6749 and Section 3.1 of RFC 6750
Status code SHOULD be 400 (Bad request)
Header WWW-Authenticate MUST be Bearer realm="Service",error="invalid_request"
Header WWW-Authenticate SHOULD be Bearer realm="Service",error="invalid_request",error_description="e.message"
InvalidTokenError
Section 4.2.2.1 of RFC 6749 and Section 3.1 of RFC 6750
Status code SHOULD be 401 (Unauthorized)
Header WWW-Authenticate MUST be Bearer realm="Service",error="invalid_token"
Header WWW-Authenticate SHOULD be Bearer realm="Service",error="invalid_token",error_description="e.message"
InsufficientScopeError
Status code SHOULD be 403 (Forbidden)
Header WWW-Authenticate MUST be Bearer realm="Service",error="insufficient_scope"
Header WWW-Authenticate SHOULD be Bearer realm="Service",error="invalid_token",error_description="e.message",scope="<scope/s necessary to access the resource>"
UnauthorizedRequestError
Status code SHOULD be 401 (Unauthorized)
Header WWW-Authenticate MUST be Bearer realm="Service"
No body in the response
I created a pull request with the code to write headers #555
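One way to derive the status code and WWW-Authenticate header from the error properties listed above, as an added example that is not part of the thread, the library or the pull request. The names `bearerChallenge`, `sanitize` and `requiredScope` are hypothetical; `e.name` and `e.message` are used the way the comment describes them. It also strips characters RFC 6750 does not allow in `error_description`, since `e.message` may carry request-derived text.

```javascript
// Error name (the RFC 6750 `error` value) -> HTTP status, as listed in the thread.
// A Map avoids matching inherited keys such as "constructor".
const STATUS = new Map([
  ['invalid_request', 400],
  ['invalid_token', 401],
  ['insufficient_scope', 403],
]);

// RFC 6750 section 3 restricts error_description and scope values to
// %x20-21 / %x23-5B / %x5D-7E. Dropping everything else removes CR, LF,
// double quotes and backslashes, so a message cannot close the quoted
// string early or start a second header line.
function sanitize(value) {
  return String(value).replace(/[^\x20\x21\x23-\x5B\x5D-\x7E]/g, '');
}

// Hypothetical helper: `e` is any object with `name` and `message`.
function bearerChallenge(e, { realm = 'Service', requiredScope } = {}) {
  const params = [`realm="${sanitize(realm)}"`];
  const status = STATUS.get(e.name);
  if (status === undefined) {
    // Unauthorized request: 401, bare challenge, no error code, no body.
    return { status: 401, wwwAuthenticate: `Bearer ${params[0]}`, emptyBody: true };
  }
  params.push(`error="${e.name}"`); // safe: e.name matched a fixed key above
  const description = sanitize(e.message || '');
  if (description) params.push(`error_description="${description}"`);
  if (e.name === 'insufficient_scope' && requiredScope) {
    params.push(`scope="${sanitize([].concat(requiredScope).join(' '))}"`);
  }
  return { status, wwwAuthenticate: `Bearer ${params.join(',')}`, emptyBody: false };
}
```

The returned `status` and `wwwAuthenticate` values can be applied to whatever response object the server framework provides.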
Any news?