I know this was discussed in 2013, but worth revisting.
Could your endpoints be updated to accept lowercase
bearer on the authorization header, as well as
Bearer? At the moment they return a
400 “malformed” error.
However, the token endpoint returns lower case
token_type, and many out of the box oauth libraries will use this value when making authenticated requests.
I’ve lost a few hours to debugging this issue, and now have to write some custom code over
Next Auth to authenticate requests properly.
There’s some good thinking here from Panva (OAuth expert) token_type received from /token endpoint is case sensitive · Issue #248 · panva/node-openid-client · GitHub
I think the Freeagent API should be able to accept
bearer without breaking any existing apps?