diff --git a/lib/AuthHandler.ts b/lib/AuthHandler.ts
index 557eb14..b863a1c 100644
--- a/lib/AuthHandler.ts
+++ b/lib/AuthHandler.ts
@@ -37,8 +37,12 @@ class AuthRequest {
   public is_basic: boolean;
   public user: string;
   public password: string;
+
+  public is_bearer: boolean;
+  public token?: string;
   public token_data?: unknown;
   public token_id?: string;
+
   public body: string;
 
   private _cookie_name?: string;
@@ -53,6 +57,7 @@ class AuthRequest {
     this.response = res;
     this.body = body;
     this.is_basic = false;
+    this.is_bearer = false;
     this.user = '';
     this.password = '';
     this._cookie_name = cookie;
@@ -180,7 +185,7 @@ export default function create_auth_handler (
       .exec (req.headers.authorization as string);
 
     if (token === null) {
-      request.deny ();
+      request.invalid ('missing authorization header');
       return Promise.resolve ();
     }
 
@@ -197,37 +202,42 @@ export default function create_auth_handler (
       return default_handler (request);
     }
 
-    const token_data = auth.verify (token?.groups?.token as string);
+    if ((/Bearer/ui).test (token?.groups?.type as string)) {
+      request.is_bearer = true;
+      request.token = token?.groups?.token;
 
-    if (!token_data.valid) {
-      request.deny ();
+      const token_data = auth.verify (request.token as string);
+
+      if (!token_data.valid)
+        return default_handler (request);
+
+      request.token_data = token_data.data;
+      request.token_id = token_data.id;
+
+      if (
+        typeof options !== 'undefined'
+        && typeof options.refresh !== 'undefined'
+        && token_data.type === 'refresh_token'
+      ) {
+        request.allow_access (options.refresh);
+        return Promise.resolve ();
+      }
+
+      if (
+        typeof options !== 'undefined'
+        && typeof options.modules !== 'undefined'
+        && token_data.type === 'part_token'
+        && typeof token_data.next_module !== 'undefined'
+        && Object.keys (options.modules)
+          .includes (token_data.next_module)
+      )
+        return options.modules[token_data.next_module] (request);
+
+      request.invalid ('invalid bearer type');
       return Promise.resolve ();
     }
 
-    request.token_data = token_data.data;
-    request.token_id = token_data.id;
-
-    if (
-      typeof options !== 'undefined'
-      && typeof options.refresh !== 'undefined'
-      && token_data.type === 'refresh_token'
-    ) {
-      request.allow_access (options.refresh);
-      return Promise.resolve ();
-    }
-
-    if (
-      typeof options !== 'undefined'
-      && typeof options.modules !== 'undefined'
-      && token_data.type === 'part_token'
-      && typeof token_data.next_module !== 'undefined'
-      && Object.keys (options.modules)
-        .includes (token_data.next_module)
-    )
-      return options.modules[token_data.next_module] (request);
-
-    request.invalid ('invalid bearer type');
-    return Promise.resolve ();
+    return default_handler (request);
   };
 }
 
diff --git a/test/spec/AuthHandler.ts b/test/spec/AuthHandler.ts
index f713c5f..71aa91e 100644
--- a/test/spec/AuthHandler.ts
+++ b/test/spec/AuthHandler.ts
@@ -49,8 +49,11 @@ describe ('auth handler', () => {
   let server: http.Server|null = null;
   beforeAll (() => {
     const ah = create_auth_handler ((req) => {
-      if (!req.is_basic) {
-        req.invalid ('unknown autorization type');
+      if (!req.is_basic && !req.is_bearer) {
+        req.invalid ('unknown authorization type');
+      }
+      else if (req.is_bearer) {
+        req.deny ();
       }
       else if (req.user === 'foo' && req.password === 'bar') {
         req.allow_access ({
@@ -170,10 +173,13 @@ describe ('auth handler', () => {
   it ('should reject invalid requests', async () => {
     const resp1 = await get ();
     expect (resp1.statusCode)
-      .toEqual (401);
+      .toEqual (400);
     const res1 = check_headers (resp1);
     expect (res1.data)
-      .toEqual ({ error: 'invalid_client' });
+      .toEqual ({
+        error:             'invalid_request',
+        error_description: 'missing authorization header'
+      });
 
     const resp2a = await get ({ authorization: 'Basic foo:bar' });
     const res2a = check_headers (resp2a);
@@ -237,6 +243,17 @@ describe ('auth handler', () => {
     expect (res2.rt).not.toEqual (res1.rt);
   });
 
+  it ('should handle any authorization type', async () => {
+    const resp = await get ({ authorization: 'Foo asdefg' });
+    expect (resp.statusCode)
+      .toEqual (400);
+    expect (JSON.parse (resp.body as string))
+      .toEqual ({
+        error:             'invalid_request',
+        error_description: 'unknown authorization type'
+      });
+  });
+
   afterAll (() => {
     if (server === null)
       throw new Error ('server is null');