The brief workflow summary states that Alice gets presented with a "sign in" screen with her 401 from bob.com.
In the common case in which Alice's user agent is a mobile app or an async browser request, I'd expect Bob's response to include a WWW-Authenticate header and a JSON payload.
The brief workflow summary states that Alice gets presented with a "sign in" screen with her 401 from
bob.com.In the common case in which Alice's user agent is a mobile app or an async browser request, I'd expect Bob's response to include a WWW-Authenticate header and a JSON payload.