Take a look at RFC 6750 The OAuth 2.0 Authorization Framework: Bearer
Token Usage - particularly section 3:
http://tools.ietf.org/html/rfc6750#section-3 which describes using the
WWW-Authenticate response header field in response to a request with
an invalid/insufficient/missing/etc token.
On
Thank you very much. It is the specification for token_type=bearer
but really useful. I'm ashamed of having forgotten the content of
RFC 6750 although I had read it once before.
Best Regards,
Takahiko Kawasaki
2014-07-30 21:23 GMT+09:00 Brian Campbell bcampb...@pingidentity.com:
Take a look at