# 401 Unauthorized: Authorization header is missing the 'Bearer' prefix

- **ID:** `api/oauth2-authorization-header-missing-bearer`
- **Domain:** api
- **Category:** auth_error
- **Verification level:** ai_generated
- **Fix rate:** 90%

## Root cause

The client sent a token in the Authorization header without the required 'Bearer ' scheme prefix, so the server rejected the request.

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| OAuth 2.0 (RFC 6750) | active | — | — |
| OpenID Connect 1.0 | active | — | — |
| Spring Security 6.0+ | active | — | — |
| ASP.NET Core 7+ | active | — | — |

## Solutions

1. Ensure the Authorization header value starts with 'Bearer ' followed by the token. Example in curl:
   ```
   curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' https://api.example.com/resource
   ```
2. If using a client library, check the configuration to ensure it automatically adds the 'Bearer' prefix. For example, in the requests library: `headers={'Authorization': f'Bearer {token}'}`
3. Log the raw Authorization header value on the client side to verify the prefix is present before sending.

## Attempts that do not work

- The token itself is already base64-encoded and does not require additional encoding; URL encoding may corrupt the token. (30% failure rate)
- The server strictly checks for the exact 'Bearer ' string; missing it still results in a 401. (50% failure rate)
- Most modern OAuth 2.0 servers only recognize 'Bearer'; using 'Token' leads to rejection. (70% failure rate)
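
An added example (not part of the original entry) of the client-side checks behind the solution steps and the failed attempts above: it builds the header with the prefix exactly once, flags a missing prefix, a 'Token' scheme and a URL-encoded token, and produces a log line that shows the scheme without exposing the token. The function names and the sample token are constructed for illustration; the allowed character set is the b64token grammar from RFC 6750.

```python
import re

# b64token grammar from RFC 6750 section 2.1: the only characters a bearer token may contain.
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

def diagnose(value):
    """Return the problems found in an Authorization header value ([] means well-formed)."""
    scheme, sep, token = value.partition(" ")
    if not sep:
        # A single word: either the bare scheme or, the case on this page, a bare token.
        return ["empty token"] if scheme == "Bearer" else ["missing 'Bearer ' prefix"]
    problems = []
    if scheme != "Bearer":
        # Strict servers compare the exact string, so 'bearer' and 'Token' both fail.
        problems.append(f"scheme is {scheme!r}, expected 'Bearer'")
    token = token.lstrip(" ")
    if token.startswith("Bearer "):
        problems.append("prefix added twice")
    elif "%" in token:
        problems.append("token looks URL-encoded")
    elif not B64TOKEN.fullmatch(token):
        problems.append("token is empty or has characters outside b64token")
    return problems

def bearer_header(token):
    """Build the headers dict for a client library, adding the prefix exactly once."""
    token = token.strip()
    if token.startswith("Bearer "):
        token = token[len("Bearer "):].lstrip()
    value = f"Bearer {token}"
    problems = diagnose(value)
    if problems:
        raise ValueError("; ".join(problems))
    return {"Authorization": value}

def redacted(value):
    """Loggable form of the header: scheme and token length only, never the token."""
    scheme, sep, token = value.partition(" ")
    if not sep:
        return f"<no scheme, {len(value)} chars>"
    return f"{scheme} <redacted, {len(token.strip())} chars>"

if __name__ == "__main__":
    SAMPLE = "abc.DEF-123_xyz"  # constructed placeholder, not a real token
    for v in (SAMPLE, f"Token {SAMPLE}", f"Bearer {SAMPLE}"):
        print(redacted(v), diagnose(v))
```

The dict returned by `bearer_header` can be passed as `headers=` to the requests library, and `redacted` gives the prefix check from step 3 without writing the credential to a log.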
