From 8d7bf3f819927edb1813e9fea99f949615fb1102 Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Fri, 15 Nov 2024 07:29:23 -0800 Subject: [PATCH] update reference to case insensitivity of auth scheme closes #186 --- draft-ietf-oauth-v2-1.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/draft-ietf-oauth-v2-1.md b/draft-ietf-oauth-v2-1.md index 17e6c96..305ceb1 100644 --- a/draft-ietf-oauth-v2-1.md +++ b/draft-ietf-oauth-v2-1.md @@ -2153,13 +2153,13 @@ The syntax for Bearer credentials is as follows: token68 = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"=" - credentials = "Bearer" 1*SP token68 + credentials = "bearer" 1*SP token68 Clients SHOULD make authenticated requests with a bearer token using the `Authorization` request header field with the `Bearer` HTTP authorization scheme. Resource servers MUST support this method. -As described in Section 2.3 of {{RFC5234}}, the string `Bearer` +As described in Section 11.1 of {{RFC9110}}, the string `bearer` is case-insensitive. This means all of the following are valid uses of the `Authorization` header: @@ -3849,6 +3849,7 @@ Discussions around this specification have also occurred at the OAuth Security W * Updated language around client registration to better reflect alternative registration methods such as those in use by OpenID Federation and open ecosystems * Added DPoP and Step-Up Auth to appendix of extensions +* Updated reference for case insensitivity of auth scheme to HTTP instead of ABNF -11
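Review bot: In the hunk at `@@ -2153,13 +2153,13 @@`, the rewritten sentence now says the string `bearer` is case-insensitive, while the unchanged sentence two lines above it still refers to the `Bearer` HTTP authorization scheme, so adjacent paragraphs spell the scheme differently. Suggest using one spelling in both sentences and in the `credentials` rule, and phrasing the point as the scheme name being matched case-insensitively, so that an implementer does not read the lowercase literal as the only accepted form and write an exact-match comparison in a resource server.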
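Review bot: In the changelog hunk at `@@ -3849,6 +3849,7 @@`, the new entry records only the reference change ("to HTTP instead of ABNF"), but the same commit also changes the `credentials` rule literal from "Bearer" to "bearer". Suggest mentioning the grammar edit in this entry as well, or noting that it is editorial, so readers comparing draft revisions do not take it for an unannounced syntax change.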