Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

401 does not return WWW-Authenticate #124

Closed
spinto opened this issue Mar 29, 2016 · 1 comment
Closed

401 does not return WWW-Authenticate #124

spinto opened this issue Mar 29, 2016 · 1 comment

Comments

@spinto
Copy link

spinto commented Mar 29, 2016

when you use the library as an OAuth 2.0 Resource Server, if no Bearer is provided, the 401 Unauthorized code will be returned without a "WWW-Authenticate" header, which is a must for the RFC . For OAuth2, this should be set to "Bearer realm="<your_realm>"" .
@zandbelt
Copy link
Member

Thanks for reporting. Closer inspection of RFC6750 shows that more details error responses that include error and error_description would also be appropriate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zandbelt @spinto