Bearer2 Client
RFC 9728 · OAuth 2.0 Protected Resource Metadata discovery
Discovery Flow
1GET /demo/bearer2 → 401 + WWW-Authenticate challenge
2GET resource_metadata URL → Protected Resource document
3GET /well-known/oauth-authorization-server → AS metadata
4GET /authorize → Login → POST /token → access token