I am using basic authentication for authenticating client credentials in Oauth2orize. In my tests I am using a browser based test-client to do the testing. If the credentials are wrong I get the basic form for user and password being opened to submit username and password.

I don't want that...I just want it to return 401. Is this a problem for browser based client only or is this for all clients? If its for all clients How do I avoid it and just return 401.

+1

Well, you've got to override how passport.authenticate handles the authentication and just not set that hideous www-authenticate header. Like this:

https://github.com/mws970/find-my-new-iPhone/blob/master/auth/router.js#L23-L34