Returning 401 only? Guess needing WWW-Authenticate header #5
Description
I am looking for tower implementation of JWT token authentication and I am visiting your software.
According to https://datatracker.ietf.org/doc/html/rfc6750#section-3, on failing, it should return WWW-Authenticate header along with 401 error code. But, I am failing to look up such code in your software.
What is your intention? You want users to stack other service to adding the header by themselves?