From eb0362c843ac17b922fb3cfc0d6fa2a986d1fc4a Mon Sep 17 00:00:00 2001
From: luckv
Date: Sat, 23 Feb 2019 14:09:52 +0100
Subject: [PATCH 1/3] WWW-Authenticate headers

Add the WWW-Authenticate header any time the token authentication fails, as described in the section 3.1 of RFC 6750
---
 lib/handlers/authenticate-handler.js | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js
index 590c476a2..f93164d4d 100644
--- a/lib/handlers/authenticate-handler.js
+++ b/lib/handlers/authenticate-handler.js
@@ -87,12 +87,21 @@ AuthenticateHandler.prototype.handle = function(request, response) {
 return this.updateResponse(response, token);
 })
 .catch(function(e) {
- // Include the "WWW-Authenticate" response header field if the client
- // lacks any authentication information.
+ // Include the "WWW-Authenticate" response header field if the token authentication fails
 //
 // @see https://tools.ietf.org/html/rfc6750#section-3.1
- if (e instanceof UnauthorizedRequestError) {
- response.set('WWW-Authenticate', 'Bearer realm="Service"');
+ if (e instanceof InvalidRequestError || e instanceof InvalidTokenError || e instanceof InsufficientScopeError || e instanceof UnauthorizedRequestError) {
+
+ if(e instanceof UnauthorizedRequestError)
+ response.set('WWW-Authenticate', 'Bearer realm="Service"');
+ else
+ {
+ if(e.message)
+ response.set('WWW-Authenticate', `Bearer realm="Service";error="${e.name}";error_description="${e.message}"`);
+ else
+ response.set('WWW-Authenticate', `Bearer realm="Service";error="${e.name}"`);
+ }
+ } + + }
 if (!(e instanceof OAuthError)) {

From 553af12cc0b3eb4e66f623336d37d8c29bee694d Mon Sep 17 00:00:00 2001
From: luckv
Date: Sat, 23 Feb 2019 14:35:33 +0100
Subject: [PATCH 2/3] Use util.format because es6 string template is not supported

---
 lib/handlers/authenticate-handler.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

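Review bot: The new `error_description` attribute interpolates `e.message` into a quoted-string header value with no escaping, so a message containing `"` or `\` produces a malformed challenge, and a CR/LF would be rejected by Node's header validation (or split the response on an older runtime); RFC 6750 §3 restricts `error_description` to %x20-21 / %x23-5B / %x5D-7E. The error messages visible here are library strings, but `InvalidTokenError` and `InsufficientScopeError` can presumably also originate from a user-supplied model, so the value should be treated as untrusted and filtered (the same applies to `e.name`, assuming it carries the RFC 6750 error code such as `invalid_token` — confirm against the error classes). The same lines survive in the util.format rewrite and the eslint fix later in this series, so the filter belongs in whichever form lands. Building the challenge incrementally also removes the three duplicated `response.set` calls. The enclosing `handle` function starts and ends outside the hunk.
```javascript
// RFC 6750 §3: error_description MUST NOT contain characters outside
// %x20-21 / %x23-5B / %x5D-7E (no DQUOTE, backslash or control characters).
// Module level, next to the other helpers.
function headerSafe(value) {
  return String(value).replace(/[^\x20-\x21\x23-\x5B\x5D-\x7E]/g, '');
}

// … unchanged: .catch(function(e) { and the @see comment …
      if (e instanceof InvalidRequestError || e instanceof InvalidTokenError || e instanceof InsufficientScopeError || e instanceof UnauthorizedRequestError) {
        var challenge = 'Bearer realm="Service"';
        if (!(e instanceof UnauthorizedRequestError)) {
          challenge += ',error="' + headerSafe(e.name) + '"';
          if (e.message) {
            challenge += ',error_description="' + headerSafe(e.message) + '"';
          }
        }
        response.set('WWW-Authenticate', challenge);
      }
```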
diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js
index f93164d4d..e6f9ae2e8 100644
--- a/lib/handlers/authenticate-handler.js
+++ b/lib/handlers/authenticate-handler.js
@@ -15,6 +15,7 @@ var Request = require('../request');
 var Response = require('../response');
 var ServerError = require('../errors/server-error');
 var UnauthorizedRequestError = require('../errors/unauthorized-request-error');
+var utilFormat = require('util').format;
 
 /**
  * Constructor.
@@ -97,9 +98,9 @@ AuthenticateHandler.prototype.handle = function(request, response) {
 else
 {
 if(e.message)
- response.set('WWW-Authenticate', `Bearer realm="Service";error="${e.name}";error_description="${e.message}"`);
+ response.set('WWW-Authenticate', utilFormat('Bearer realm="Service",error="%s",error_description="%s"',e.name,e.message));
 else
- response.set('WWW-Authenticate', `Bearer realm="Service";error="${e.name}"`);
+ response.set('WWW-Authenticate', utilFormat('Bearer realm="Service",error="%s"', e.name));
 }
 
 }

From 7a61fcd0153d5ab42cbaba87e907943abfe6f488 Mon Sep 17 00:00:00 2001
From: luckv
Date: Sat, 23 Feb 2019 14:39:29 +0100
Subject: [PATCH 3/3] eslint fix

---
 lib/handlers/authenticate-handler.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js
index e6f9ae2e8..812481752 100644
--- a/lib/handlers/authenticate-handler.js
+++ b/lib/handlers/authenticate-handler.js
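Review bot: The challenge built on the two `utilFormat` lines carries no `scope` attribute for the `InsufficientScopeError` case, although RFC 6750 §3 lets the resource server include `scope="…"` with the scope needed for the resource, which is what a client needs to recover from `insufficient_scope`. If the handler keeps the scope it was configured with (its constructor is outside this hunk), appending it here for that error class would be worth considering, subject to the same character restriction as the other attribute values. The enclosing `handle` function starts and ends outside the hunk.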
@@ -94,13 +94,13 @@ AuthenticateHandler.prototype.handle = function(request, response) {
 if (e instanceof InvalidRequestError || e instanceof InvalidTokenError || e instanceof InsufficientScopeError || e instanceof UnauthorizedRequestError) {
 
 if(e instanceof UnauthorizedRequestError)
- response.set('WWW-Authenticate', 'Bearer realm="Service"');
+ {response.set('WWW-Authenticate', 'Bearer realm="Service"');}
 else
 {
 if(e.message)
- response.set('WWW-Authenticate', utilFormat('Bearer realm="Service",error="%s",error_description="%s"',e.name,e.message));
+ {response.set('WWW-Authenticate', utilFormat('Bearer realm="Service",error="%s",error_description="%s"',e.name,e.message));}
 else
- response.set('WWW-Authenticate', utilFormat('Bearer realm="Service",error="%s"', e.name));
+ {response.set('WWW-Authenticate', utilFormat('Bearer realm="Service",error="%s"', e.name));}
 }
 
 }
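Review bot: The three added lines satisfy the `curly` rule by gluing braces onto the statement (`{response.set(...);}`), which is not the block layout the surrounding code uses (`if (e instanceof …) {` with the brace on the condition line and the body on its own line). The `else { if(e.message) … else … }` nesting can also be flattened into a chain, `} else if (e.message) {` / `} else {`, so each branch is one conventionally braced block and the stray `{` line disappears. The enclosing `handle` function starts and ends outside the hunk.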