The resource server must include the HTTP "WWW-Authenticate" response header field, if the protected resource request contains an access token that is invalid or if the access token is malformed.
"WWW-Authenticate" header field uses the following format −
challenge = "OAuth" RWS token-challenge token-challenge = realm [CS error] [CS error-uri] [CS scope] [CS 1#auth –param] error = "error" "=" <"> token <"> error-desc = "error_description" "=" quoted-string error-uri = "error_uri" = <"> URI-Reference <"> scope = quoted-value / <"> quoted-value *(1*SP quoted-value) <"> quoted-value = 1* quoted-char
realm − It is an attribute which specifies the scope of protection and is displayed to the users so that they know which username and password to use. This attribute must appear only once.
error − It is an attribute used to provide a client the specific reason why the access request was declined.
error_description − It is an attribute that provides a human-readable text that can be used to help in understanding the error that occurred.
error_uri − It is an attribute that provides a URI to identify a human-readable web page along with the information about the error that has occurred.
scope − It is an attribute which specifies the required scope of the access token in order to access the requested resource.