Authorization: thehabes is not rejected outright with a 401. Instead it comes back as 400.
This is because of the express-oauth2-jwt-bearer package, which has its own opinions about what is a 400 and what is a 401 as it pertains to the Authorization header.
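
An added example (not code from this project or from express-oauth2-jwt-bearer): an Express error handler that answers 401 when the package raises a 400 for a malformed Authorization header. RFC 6750 section 3.1 pairs `invalid_request` with 400 and `invalid_token` with 401; the handler name and the `status`, `code` and `headers` properties read from the error are assumptions.

```javascript
// Added example. Assumption: errors the package passes to next() carry
// `status`, `code` and (for 401/403) `headers`.
// Mount after the routes protected by the package's middleware.
function authErrorHandler(err, req, res, next) {
  const sentHeader = typeof req.headers.authorization === 'string';

  // Malformed credentials arrive as 400 invalid_request. This API chooses to
  // answer 401 so that every failed authentication looks the same to clients.
  if (err.status === 400 && err.code === 'invalid_request' && sentHeader) {
    res.set('WWW-Authenticate', 'Bearer realm="api"');
    return res.status(401).json({ error: 'unauthorized' });
  }
  // Missing or invalid token (401), insufficient scope (403): keep as raised.
  if (err.status === 401 || err.status === 403) {
    if (err.headers) res.set(err.headers);
    return res.status(err.status).json({ error: err.code || 'unauthorized' });
  }
  return next(err); // not an authentication error, leave it to later handlers
}

// Minimal stand-in for an Express response, constructed for this example.
function fakeRes() {
  return {
    statusCode: 200,
    headers: {},
    body: undefined,
    set(k, v) {
      if (typeof k === 'object') Object.assign(this.headers, k);
      else this.headers[k] = v;
      return this;
    },
    status(c) { this.statusCode = c; return this; },
    json(b) { this.body = b; return this; },
  };
}

// Constructed request and error mirroring the case described above.
function demo() {
  const req = { headers: { authorization: 'thehabes' } };
  const err = Object.assign(new Error('malformed header'),
    { status: 400, code: 'invalid_request' });
  const res = fakeRes();
  authErrorHandler(err, req, res, () => {});
  return res;
}
```

A 400 raised for a request that sent no Authorization header is passed to `next` unchanged, so non-authentication errors keep their own status.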