Empty Bearer is not Rejected with 401 #247
Description
Authorization: Bearer not rejected outright, and instead ends up as a 400.
This is because of the express-oauth2-jwt-bearer package which has its own opinions about what is a 400 and what is a 401 as it pertains to the Authorization header.