Rejiggery.

Send HTTP 401 for invalid_token, rather than insufficient_scope

.travis.yml

@@ -5,7 +5,7 @@ php:
   - 5.5
   - 5.6
   - hhvm
-  
+
 matrix:
   allow_failures:
     - php: hhvm

README.md

@@ -12,7 +12,7 @@ The framework is provided as a Composer package which can be installed by adding
 ```javascript
 {
 	"require": {
-		"league/oauth2-server": "3.*"
+		"league/oauth2-server": "~3.2"
 	}
 }
 ```

src/League/OAuth2/Server/Resource.php

@@ -163,7 +163,7 @@ class Resource
         // include the "WWW-Authenticate" response header field
         // matching the authentication scheme used by the client.
         // @codeCoverageIgnoreStart
-        if ($error === 'insufficient_scope') {
+        if ($error === 'invalid_token') {
             $authScheme = null;
             $request = new Request();
             if ($request->server('PHP_AUTH_USER') !== null) {

tests/resource/ResourceServerTest.php

@@ -38,8 +38,8 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
     public function test_getExceptionHttpHeaders()
     {
         $this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
-        $this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
-        $this->assertContains('HTTP/1.1 403 Forbidden', League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
+        $this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
+        $this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
     }
 
     public function test_setRequest()