Include validation error in response challenge
Per RFC 6750 error responses should include one of three error codes and an error description.
See https://www.rfc-editor.org/rfc/rfc6750#section-3.1
Renamed isAuthorized()
function authorize()
and refactored it to
return an error
instead of bool
.
The request handler, in turn, checks for an error from authorize()
and
includes the correct error
and error_description
attributes in
the "WWW-Authenticate" response header.