The client is expected to send an Authorization header (as defined in
RFC 7235 [RFC7235], Section 4.1 [11]) where the "auth-scheme" is
"Signature" and the "auth-param" parameters meet the requirements
listed in Section 2: The Components of a Signature.
It's a bit confusing because section 3.1 includes the "Authorization" header but it has a reference to the "WWW-Authenticate" section of RFC 7235. Then section 3.1.1 has an example with the "WWW-Authenticate" header, then section 3.1.2 uses the "Authorization" header.
I think you meant "RFC 7235 [RFC7235], Section 4.2" (??)
Section 3.1 has the following paragraph:
It's a bit confusing because section 3.1 includes the "Authorization" header but it has a reference to the "WWW-Authenticate" section of RFC 7235. Then section 3.1.1 has an example with the "WWW-Authenticate" header, then section 3.1.2 uses the "Authorization" header.
I think you meant "RFC 7235 [RFC7235], Section 4.2" (??)