I spent quite some time trying to figure out why bearer authentication did not work and the reason was that the token was an empty string, essentially "Bearer ". Is it specified somewhere that the request will be unauthorized on empty tokens?

The token cannot be empty according to the grammar: https://httpwg.org/specs/rfc9110.html#auth.params

I see thanks, it's just no error was thrown and it took some time to figure it out

Do you mean that the

Authentication

plugin on the server didn't return a 401 status code on an empty token?

No 401 was returned, it was just i was trying to check the token during tests and the request never arrived to that point and i was trying to find out why it happened. briefly:

val token = ""

client.get(/v1/endpoint, {
                          header("Authorization", "Bearer $token")
}

and i could not step into the

get()

route because 401 was returned