Closed subzero911 closed 3 months ago
According to RFC 7235 Section 2.1, the auth-scheme part of an HTTP Authorization header is case-insensitive. That means `Authorization: Bearer aaa111ccc` and `Authorization: bearer aaaccc` (and also `authorization: bearer aaa111ccc`, since header names are also case-insensitive) must be treated identically.
1) OAuth2Token has the "bearer" token type by default, but the proper name is "Bearer". Case is crucial here; I cannot perform the request with "bearer". I debugged for an hour to find the reason!
2) The auth header name is "authorization", but it should be "Authorization". It doesn't really matter, as the "authorization" header has been accepted too, but it's still not correct.
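A server-side check that follows the RFC 7235 rule quoted above, as an added example that is not code from this issue or from the library it concerns. The function names and sample header values are assumptions made for illustration.

```python
import re
from typing import Mapping, Optional

# token68 from RFC 7235 Section 2.1:
#   1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def get_header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Look up a header by name, ignoring case (hypothetical helper)."""
    wanted = name.lower()
    matches = [v for k, v in headers.items() if k.lower() == wanted]
    # If the same header appears twice under different casings, refuse to
    # guess which value wins and treat the request as unauthenticated.
    return matches[0] if len(matches) == 1 else None


def extract_bearer_token(headers: Mapping[str, str]) -> Optional[str]:
    """Return the bearer token, or None if the header is absent or malformed."""
    value = get_header(headers, "Authorization")
    if value is None:
        return None
    # credentials = auth-scheme 1*SP token68
    scheme, sep, rest = value.strip().partition(" ")
    if not sep:
        return None  # scheme present but no credentials
    # Only the auth-scheme is compared case-insensitively.
    if scheme.lower() != "bearer":
        return None
    # The token is returned byte-for-byte; its case is significant.
    token = rest.lstrip(" ")
    return token if _TOKEN68.fullmatch(token) else None
```

A server that compares the scheme with `==` against `"Bearer"` instead of lowercasing it is the kind that rejects a client sending `bearer`, which is the interoperability failure described in this issue.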