Null in header 'WWW-Authenticate'.

[janithcmw]

Description

The following response can be observed when an API is invoked with an empty 'Authorization' header in APIM-3.2.0. Focus on the "null" in the response header 'WWW-Authenticate'.

< HTTP/1.1 401 Unauthorized
< activityid: ecbf1006-bcf7-4cce-aa42-e8ab0fb651df
< Access-Control-Expose-Headers:
< Accept: */*
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: POST
< WWW-Authenticate: OAuth2 realm="WSO2 API Manager" Basic Auth realm="WSO2 API Manager" null, error="invalid_token", error_description="The access token expired"
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction,apikey,testKey,Authorization
< Content-Type: application/xml; charset=UTF-8
< Date: Tue, 13 Aug 2024 13:57:14 GMT
< Transfer-Encoding: chunked

Steps to Reproduce

Steps to replicate the issue.

1. Create an API and enable 'API Key' Application level security.
2. Invoke the API without the header 'Authorization'
3. You can check the response header and for further confirmation, you can check the wire logs as well.

Affected Component

APIM

Version

3.2.0

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response

[nisan-abeywickrama]

This issue can be closed as the fix [1] is already is available in the public code.

[1] - wso2/carbon-apimgt#11251