branca-middleware icon indicating copy to clipboard operation
branca-middleware copied to clipboard

Published 20 hours ago verified publisher icon tuupola

Bearer in 401 response

Open tuupola opened this issue 6 years ago • 0 comments

https://tools.ietf.org/html/rfc6750#section-3

"If the protected resource request does not include authentication credentials or does not contain an access token that enables access to the protected resource, the resource server MUST include the HTTP "WWW-Authenticate" response header field; it MAY include it in response to other conditions as well. The "WWW-Authenticate" header field uses the framework defined by HTTP/1.1 [RFC2617]."

"All challenges defined by this specification MUST use the auth-scheme value "Bearer". This scheme MUST be followed by one or more auth-param values. The auth-param attributes used or defined by this specification are as follows. Other auth-param attributes MAY be used as well."

tuupola avatar Feb 17 '19 05:02 tuupola