api
auth_error
ai_generated
true
401 Unauthorized: Authorization header missing 'Bearer' prefix
ID: api/oauth2-authorization-header-missing-bearer
Fix Rate: 90%
Confidence: 85%
Evidence: 1
First Seen: 2023-03-15
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| OAuth 2.0 (RFC 6750) | active | — | — | — |
| OpenID Connect 1.0 | active | — | — | — |
| Spring Security 6.0+ | active | — | — | — |
| ASP.NET Core 7+ | active | — | — | — |
Root Cause
Client sent a token in the Authorization header without the required 'Bearer ' scheme prefix, causing the server to reject the request.
Official Documentation
https://datatracker.ietf.org/doc/html/rfc6750#section-2.1
Workarounds
- 90% success: Ensure the Authorization header value starts with 'Bearer ' followed by the token. Example in curl: `curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' https://api.example.com/resource`
- 85% success: If using a client library, check the configuration to ensure it automatically adds the 'Bearer' prefix. For example, in requests library: `headers={'Authorization': f'Bearer {token}'}`
- 95% success: Log the raw Authorization header value on the client side to verify the prefix is present before sending.
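A client-side preflight check for the workarounds above, as an added example that is not part of the original entry: it classifies an Authorization header value against the RFC 6750 section 2.1 `b64token` grammar and produces a redacted form for logging, so the verification step does not write the full token to logs. The function names and the sample token are constructed for illustration, and the exact match on 'Bearer' is an assumption that follows the strict server behaviour this entry describes.

```python
import re

# b64token grammar from RFC 6750 section 2.1: 1*(ALPHA / DIGIT / -._~+/) *"="
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Constructed sample value, not a real credential.
SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiJ9.e30.c2lnbmF0dXJl"


def check_authorization(value: str) -> str:
    """Classify an Authorization header value before the request is sent."""
    scheme, sep, token = value.partition(" ")
    if not sep:
        # One word only: either a bare token or a scheme with nothing after it.
        return "missing_token" if scheme == "Bearer" else "missing_scheme"
    if scheme != "Bearer":
        return "wrong_scheme"          # e.g. 'Token'; exact match is assumed
    token = token.lstrip(" ")          # RFC 6750 allows 1*SP after the scheme
    if "%" in token:
        return "url_encoded_token"     # percent-encoding is outside b64token
    if not B64TOKEN.fullmatch(token):
        return "malformed_token"
    return "ok"


def redact(value: str) -> str:
    """Log-safe form: keep the scheme, show at most 4 characters of the secret."""
    scheme, sep, rest = value.partition(" ")
    secret = rest.lstrip(" ") if sep else scheme
    shown = secret[:4] if len(secret) > 16 else ""
    prefix = f"{scheme} " if sep else ""
    return f"{prefix}{shown}...({len(secret)} chars)"


if __name__ == "__main__":
    for header in (
        SAMPLE_TOKEN,                  # prefix missing (this entry's error)
        "Token " + SAMPLE_TOKEN,       # wrong scheme
        "Bearer abc%2Bdef%3D",         # URL-encoded token
        "Bearer " + SAMPLE_TOKEN,      # correct
    ):
        print(f"{check_authorization(header):18} {redact(header)}")
```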
Dead Ends
Common approaches that don't work:
- 30% fail: The token itself is already base64-encoded and does not require additional encoding; URL encoding may corrupt the token.
- 50% fail: The server strictly checks for the exact 'Bearer ' string; missing it still results in a 401.
- 70% fail: Most modern OAuth 2.0 servers only recognize 'Bearer'; using 'Token' leads to rejection.