Keycloak token endpoint response JSON with improper token_type='bearer', should it be 'Bearer' according to the OIDC spec?

I see that the Keycloak (9.0.x) token endpoint responds with JSON where the token_type claim = ‘bearer’…


{"access_token":"eyJhbG..",
"token_type":"bearer",
...
}

In the OIDC specification, it states that the ‘token_type’ MUST be ‘Bearer’ (but not ‘bearer’…)

So, is it that Keycloak / RHSSO deviates from the specification? A bug?

Thx.

That spec doesn’t indicate case sensitivity. According to that spec, “The parameters in the successful response are defined in Section 4.1.4 of OAuth 2.0 [RFC6749]”, which states:

   token_type
         REQUIRED.  The type of the token issued as described in
         Section 7.1.  Value is case insensitive.

@xgp

thanks…

I see that the OIDC specification (as well as the examples) indicates ‘Bearer’…:

The OAuth 2.0 token_type response parameter value MUST be Bearer, as specified in OAuth 2.0 Bearer Token Usage [RFC6750], unless another Token Type has been negotiated with the Client.

Need to cross check with the OAuth 2.0 specification too…!
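
An added example, not part of the thread and not Keycloak code: a client-side check of a token endpoint response that treats token_type as case insensitive, following the RFC 6749 text quoted above, next to the exact-match check that rejects the 'bearer' value from the question. The function names and the sample responses are constructed for illustration.

```python
import json


class TokenResponseError(ValueError):
    """Raised when a token endpoint response fails validation."""


def strict_is_bearer(data: dict) -> bool:
    # Exact-match check: rejects the 'bearer' value shown in the question.
    return data.get("token_type") == "Bearer"


def parse_token_response(body: str, accepted_types=("bearer",)) -> dict:
    """Validate a token response body; compare token_type case-insensitively."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        raise TokenResponseError(f"response is not JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise TokenResponseError("response is not a JSON object")
    for field in ("access_token", "token_type"):
        value = data.get(field)
        if not isinstance(value, str) or not value:
            raise TokenResponseError(f"missing or non-string {field}")
    # 'bearer', 'Bearer' and 'BEARER' all name the same token type.
    token_type = data["token_type"].lower()
    if token_type not in accepted_types:
        # Fail closed on types this client does not know how to present.
        raise TokenResponseError(f"unsupported token_type {data['token_type']!r}")
    data["token_type"] = token_type  # normalised for later comparisons
    return data


def authorization_header(token: dict) -> str:
    # Send the scheme spelled as RFC 6750 writes it, whatever case was received.
    return "Bearer " + token["access_token"]


# Constructed sample responses (token values are placeholders).
LOWERCASE = '{"access_token": "constructed-token", "token_type": "bearer"}'
CAPITALISED = '{"access_token": "constructed-token", "token_type": "Bearer"}'

if __name__ == "__main__":
    for body in (LOWERCASE, CAPITALISED):
        token = parse_token_response(body)
        print(strict_is_bearer(json.loads(body)), authorization_header(token))
```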