Bearer token type casing?

[samuel99]

First of. This is my first time implementing OIDC, have that in mind when reading the following, my terminology might be wrong.

So, I'm using the oidc-client library to connect to an auth server from an Angular app. When I try to authenticate to an API, I append the authorization headers like so:

  getAuthorizationHeaderValue(): string {
    return `${this.user.token_type} ${this.user.id_token}`;
  }

The request looks like this:

The server does not accept bearer to be in lowercase. If I change to Bearer it works:

  getAuthorizationHeaderValue(): string {
    return `${this.capitalizeFirstLetter(this.user.token_type)} ${this.user.id_token}`;
  }
  capitalizeFirstLetter(string: string) {
    return string.charAt(0).toUpperCase() + string.slice(1);
  }

But this doesn't feel right?

If I look at the IETF spec it says:

https://tools.ietf.org/id/draft-ietf-oauth-v2-bearer-13.xml#rfc.section.5.1.1

Am I doing something wrong here? Can I change it to be Bearer instead of bearer?

[GuentherK]

I have to say I actually never used the token_type property and instead always wrote Bearer ${user.access_token}. The access_token prop is from the oidc-client usermanager

[samuel99]

Thanks for your reply @GuentherK!

Since this is my first time implementing oidc, I followed a tutorial and Scott used the token_type property. But then i know it's okay to just hardcode it to Bearer.
https://www.scottbrady91.com/Angular/SPA-Authentiction-using-OpenID-Connect-Angular-CLI-and-oidc-client

Thanks!