From ff5e9f57a59d3865a93df227759b366cd1e4239f Mon Sep 17 00:00:00 2001
From: Andrew Millington <andrew@noexceptions.io>
Date: Thu, 10 May 2018 22:07:03 +0100
Subject: [PATCH] Only add authenticate header if present in original request
 thephpleague/oauth2-server#745

---
 src/Exception/OAuthServerException.php | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php
index 65fe861e..a62d961d 100644
--- a/src/Exception/OAuthServerException.php
+++ b/src/Exception/OAuthServerException.php
@@ -294,13 +294,9 @@ class OAuthServerException extends \Exception
         // include the "WWW-Authenticate" response header field
         // matching the authentication scheme used by the client.
         // @codeCoverageIgnoreStart
-        if ($this->errorType === 'invalid_client') {
-            $authScheme = 'Basic';
-            if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false
-                && strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0
-            ) {
-                $authScheme = 'Bearer';
-            }
+        if ($this->errorType === 'invalid_client' && array_key_exists('HTTP_AUTHORIZATION', $_SERVER) !== false) {
+            $authScheme = strpos($_SERVER['HTTP_AUTHORIZATION'], 'Bearer') === 0 ? 'Bearer' : 'Basic';
+
             $headers['WWW-Authenticate'] = $authScheme . ' realm="OAuth"';
         }
         // @codeCoverageIgnoreEnd