@@ -71,17 +71,23 @@ export function requireBearerAuth({ verifier, requiredScopes = [], resourceMetad
7171 req . auth = authInfo ;
7272 next ( ) ;
7373 } catch ( error ) {
74+ // Build WWW-Authenticate header parts
75+ const buildWwwAuthHeader = ( errorCode : string , message : string ) : string => {
76+ let header = `Bearer error="${ errorCode } ", error_description="${ message } "` ;
77+ if ( requiredScopes . length > 0 ) {
78+ header += `, scope="${ requiredScopes . join ( ' ' ) } "` ;
79+ }
80+ if ( resourceMetadataUrl ) {
81+ header += `, resource_metadata="${ resourceMetadataUrl } "` ;
82+ }
83+ return header ;
84+ } ;
85+
7486 if ( error instanceof InvalidTokenError ) {
75- const wwwAuthValue = resourceMetadataUrl
76- ? `Bearer error="${ error . errorCode } ", error_description="${ error . message } ", resource_metadata="${ resourceMetadataUrl } "`
77- : `Bearer error="${ error . errorCode } ", error_description="${ error . message } "` ;
78- res . set ( 'WWW-Authenticate' , wwwAuthValue ) ;
87+ res . set ( 'WWW-Authenticate' , buildWwwAuthHeader ( error . errorCode , error . message ) ) ;
7988 res . status ( 401 ) . json ( error . toResponseObject ( ) ) ;
8089 } else if ( error instanceof InsufficientScopeError ) {
81- const wwwAuthValue = resourceMetadataUrl
82- ? `Bearer error="${ error . errorCode } ", error_description="${ error . message } ", resource_metadata="${ resourceMetadataUrl } "`
83- : `Bearer error="${ error . errorCode } ", error_description="${ error . message } "` ;
84- res . set ( 'WWW-Authenticate' , wwwAuthValue ) ;
90+ res . set ( 'WWW-Authenticate' , buildWwwAuthHeader ( error . errorCode , error . message ) ) ;
8591 res . status ( 403 ) . json ( error . toResponseObject ( ) ) ;
8692 } else if ( error instanceof ServerError ) {
8793 res . status ( 500 ) . json ( error . toResponseObject ( ) ) ;
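Review bot: `buildWwwAuthHeader` (new lines 75–84) interpolates `message`, the joined `requiredScopes` and `resourceMetadataUrl` straight into quoted auth-params without sanitising them. A `"` or `\` in any of them would end the quoted string early and let the rest be read as extra challenge parameters, and a CR/LF would presumably make the header setter throw inside this catch block. How `error.message` is populated is not visible here; if the verifier ever copies token-derived or upstream text into it, that text reaches the header unchanged. I would filter every value to the character set RFC 6750 allows before quoting, for example `const q = (v: string) => v.replace(/[^\x20-\x21\x23-\x5B\x5D-\x7E]/g, '');` and then `error_description="${q(message)}"`, and add a test with a message containing a quote and a newline. The enclosing catch block and `requireBearerAuth` continue outside the hunk, so any existing sanitising upstream is not shown.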