If security bootstrapping is enabled on an exploration service using one of the following IANA-registered HTTP Authentication Schemes: Basic, Bearer, or Digest, then a 401 HTTP response at an API endpoint intended to serve a TD MUST include a WWW-Authenticate header and any other headers describing the required authorizations.
Currently, zion uses the Bearer token mechanism but it does not fulfill the assertion.
The exploration-secboot-auth states that:
Currently, zion uses the Bearer token mechanism but it does not fulfill the assertion.