allow bearer and other types of authorization in default handler

test/spec/AuthHandler.ts

@@ -49,8 +49,11 @@ describe ('auth handler', () => {
   let server: http.Server|null = null;
   beforeAll (() => {
     const ah = create_auth_handler ((req) => {
-      if (!req.is_basic) {
-        req.invalid ('unknown autorization type');
+      if (!req.is_basic && !req.is_bearer) {
+        req.invalid ('unknown authorization type');
+      }
+      else if (req.is_bearer) {
+        req.deny ();
       }
       else if (req.user === 'foo' && req.password === 'bar') {
         req.allow_access ({
@@ -170,10 +173,13 @@ describe ('auth handler', () => {
   it ('should reject invalid requests', async () => {
     const resp1 = await get ();
     expect (resp1.statusCode)
-      .toEqual (401);
+      .toEqual (400);
     const res1 = check_headers (resp1);
     expect (res1.data)
-      .toEqual ({ error: 'invalid_client' });
+      .toEqual ({
+        error:             'invalid_request',
+        error_description: 'missing authorization header'
+      });
 
     const resp2a = await get ({ authorization: 'Basic foo:bar' });
     const res2a = check_headers (resp2a);
@@ -237,6 +243,17 @@ describe ('auth handler', () => {
     expect (res2.rt).not.toEqual (res1.rt);
   });
 
+  it ('should handle any authorization type', async () => {
+    const resp = await get ({ authorization: 'Foo asdefg' });
+    expect (resp.statusCode)
+      .toEqual (400);
+    expect (JSON.parse (resp.body as string))
+      .toEqual ({
+        error:             'invalid_request',
+        error_description: 'unknown authorization type'
+      });
+  });
+
   afterAll (() => {
     if (server === null)
       throw new Error ('server is null');