Authorization token prefix "Bearer" is misspelled in some examples

[srosenda]

The prefix is spelled "BEARER" in some examples, when it should be spelled exactly as "Bearer". see RFC 6750, section 2.1. Authorization Request Header Field.

[bc-pi]

"BEARER" is perfectly legal https://www.rfc-editor.org/rfc/rfc9110.html#name-authentication-scheme

[jogu]

Agree with what Brian said. This has also been further clarified in OAuth 2.1: oauth-wg/oauth-v2-1@673d7f0

[srosenda]

You are correct, according to RFC9110 and the discussion in OAuth 2.1 repository OAuth implementations should accept the authentication scheme regardless of its character case.

Would it still be good to at least unify the OpenID4VCI examples to use the same spelling for the "Bearer" authentication scheme? There's also IANA HTTP Authentication Scheme registry that defines the "Bearer" scheme with capital initial letter which matches also the spelling in RFC6750. From robustness principle / Postel's law perspective clients creating requests could use the IANA spelling "Bearer" and servers processing them should accept spelling in any mixed case.