[Openid-specs-ab] Question about the non-normative example of a UserInfo Error Response
Takahiko Kawasaki
daru.tk at gmail.com
Sun Feb 7 05:54:16 UTC 2016
Hello,

I have a question about the non-normative example of a UserInfo Error
Response in "OpenID Connect Core 1.0, 5.3.3. UserInfo Error Response".
The following is the example in the section.

  HTTP/1.1 401 Unauthorized
    WWW-Authenticate: error="invalid_token",
      error_description="The Access Token expired"

However, it seems to me that the value of the WWW-Authenticate header should
start with "Bearer " like the following.

  HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Bearer error="invalid_token",
      error_description="The Access Token expired"

The reason I think so is that "RFC 6750, 3. The WWW-Authenticate Response
Header Field" says as follows.

  All challenges defined by this specification
  MUST use the auth-scheme value "Bearer".

Is it okay to start the value of the WWW-Authenticate header with "Bearer " in
my implementation?

Best Regards,
Takahiko Kawasaki
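
An added example, not part of the original message or of either specification: a small parser for a single WWW-Authenticate challenge, following the token and auth-param grammar of RFC 7235 section 2.1, run over the two header values quoted above to show how a client sees each. The function and constant names are hypothetical.

```python
import re

# token / auth-param grammar from RFC 7235 section 2.1 (one challenge only)
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# A leading token is an auth-scheme only when it is not followed by "=".
_SCHEME = re.compile(r"(%s)(?:[ \t]+(?![ \t]*=)|$)" % TOKEN)
_PARAM = re.compile(
    r'\s*(%s)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|(%s))\s*(?:,|$)' % (TOKEN, TOKEN))
# Error codes defined in RFC 6750 section 3.1
RFC6750_ERRORS = {"invalid_request", "invalid_token", "insufficient_scope"}


def parse_challenge(value):
    """Return (auth_scheme or None, {param: value}) for one header value."""
    value = re.sub(r"\r?\n[ \t]*", " ", value).strip()  # unfold continuations
    m = _SCHEME.match(value)
    scheme, pos = (m.group(1), m.end()) if m else (None, 0)
    params = {}
    while pos < len(value):
        p = _PARAM.match(value, pos)
        if not p:
            raise ValueError("malformed auth-param at offset %d" % pos)
        name, quoted, bare = p.groups()
        # quoted-string values may carry backslash escapes
        params[name.lower()] = (
            re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare)
        pos = p.end()
    return scheme, params


def audit_challenge(value):
    """List what a conformance check would flag in a UserInfo error challenge."""
    scheme, params = parse_challenge(value)
    problems = []
    if scheme is None:
        problems.append("missing auth-scheme")
    elif scheme.lower() != "bearer":  # auth-scheme is case-insensitive
        problems.append("auth-scheme is %r, not Bearer" % scheme)
    if "error" in params and params["error"] not in RFC6750_ERRORS:
        problems.append("error code not defined in RFC 6750 section 3.1")
    return problems


# The two header values quoted in the message, copied as constants.
SPEC_EXAMPLE = ('error="invalid_token",\n'
                '  error_description="The Access Token expired"')
PROPOSED = "Bearer " + SPEC_EXAMPLE

if __name__ == "__main__":
    for label, v in (("spec example", SPEC_EXAMPLE), ("proposed", PROPOSED)):
        print(label, parse_challenge(v), audit_challenge(v))
```

A client that dispatches on the auth-scheme finds none in the first value, so it cannot associate the error parameters with the Bearer scheme; the second value parses as a Bearer challenge with the same two parameters.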