Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/8CPqSBN6jaI Import Date: 2016-01-19 21:38:49 +0000.
Date: Friday, 25 December 2015 14:24:45 UTC.
I carefully read OAuth2 Flow Option 2 in the documentation and am stuck at /oauth/authorize/.
When I make a standard Authorization Request as described in the RFC, Tyk returns an "Authorization field missing" error.
I have checked the source, which requires Authorization in the header. It works when I add a header "Authorization: Bearer xxxxxxxxxx", but I am confused, because this request is made by the client browser/app and it is not secure to give it to the client. Also, this header is not required in the RFC.
I am a bit confused. What am I doing wrong?