{ "id": "api/oauth2-authorization-header-missing-bearer", "signature": "401 Unauthorized: Authorization header missing 'Bearer' prefix", "signature_zh": "401 未授权:授权标头缺少 'Bearer' 前缀", "regex": "401 Unauthorized: Authorization header missing 'Bearer' prefix", "domain": "api", "category": "auth_error", "subcategory": null, "root_cause": "Client sent a token in the Authorization header without the required 'Bearer ' scheme prefix, causing the server to reject the request.", "root_cause_type": "generic", "root_cause_zh": "客户端在授权标头中发送了令牌,但未包含必需的 'Bearer ' 方案前缀,导致服务器拒绝请求。", "versions": [ { "version": "OAuth 2.0 (RFC 6750)", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "OpenID Connect 1.0", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Spring Security 6.0+", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "ASP.NET Core 7+", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "The token itself is already base64-encoded and does not require additional encoding; URL encoding may corrupt the token.", "fail_rate": 0.3, "condition": "", "sources": [] }, { "action": "", "why_fails": "The server strictly checks for the exact 'Bearer ' string; missing it still results in a 401.", "fail_rate": 0.5, "condition": "", "sources": [] }, { "action": "", "why_fails": "Most modern OAuth 2.0 servers only recognize 'Bearer'; using 'Token' leads to rejection.", "fail_rate": 0.7, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Ensure the Authorization header value starts with 'Bearer ' followed by the token. Example in curl:\ncurl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' https://api.example.com/resource", "success_rate": 0.9, "how": "Ensure the Authorization header value starts with 'Bearer ' followed by the token. Example in curl:\ncurl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' https://api.example.com/resource", "condition": "", "sources": [] }, { "action": "If using a client library, check the configuration to ensure it automatically adds the 'Bearer' prefix. For example, in requests library: headers={'Authorization': f'Bearer {token}'}", "success_rate": 0.85, "how": "If using a client library, check the configuration to ensure it automatically adds the 'Bearer' prefix. For example, in requests library: headers={'Authorization': f'Bearer {token}'}", "condition": "", "sources": [] }, { "action": "Log the raw Authorization header value on the client side to verify the prefix is present before sending.", "success_rate": 0.95, "how": "Log the raw Authorization header value on the client side to verify the prefix is present before sending.", "condition": "", "sources": [] } ], "workarounds_zh": [ "Ensure the Authorization header value starts with 'Bearer ' followed by the token. Example in curl:\ncurl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' https://api.example.com/resource", "If using a client library, check the configuration to ensure it automatically adds the 'Bearer' prefix. For example, in requests library: headers={'Authorization': f'Bearer {token}'}", "Log the raw Authorization header value on the client side to verify the prefix is present before sending." ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://datatracker.ietf.org/doc/html/rfc6750#section-2.1", "official_doc_section": null, "error_code": null, "verification_tier": "ai_generated", "confidence": 0.85, "fix_success_rate": 0.9, "resolvable": "true", "first_seen": "2023-03-15", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }