Is security `scheme` value lowercase or case-insensitive?

[hkosova]

The scheme field of the Security Scheme Object is defined as follows:

The name of the HTTP Authorization scheme to be used in the Authorization header as defined in RFC7235.

and subsequent examples use scheme: basic and scheme: bearer - with lowercase scheme names.

However, the Authentication Scheme Registry defines the scheme names starting with an uppercase letter:

• Basic
• Bearer
• Digest
• ...

Could you please clarify if the scheme value must be lowercase, or if both scheme: basic (as in the current examples) and scheme: Basic (as in the Auth Scheme Registry) are valid and equivalent?

[darrelmiller]

@hkosova As per RFC7235 auth scheme is case insensitive:

2.1. Challenge and Response

HTTP provides a simple challenge-response authentication framework
that can be used by a server to challenge a client request and by a
client to provide authentication information. It uses a case-
insensitive token as a means to identify the authentication scheme,
followed by additional information necessary for achieving

https://tools.ietf.org/html/rfc7235#section-2.1