Forum Discussion
OAuth2 with JWT: Problem with HTTP response code
Hello,
I have a problem when I have to authorize a resource (userinfo) with OAuth.
The token is a JWT. I have to add "HTTP::header remove Authorization" in an iRule (when ACCESS_ACL_ALLOWED). If I don't do that, I always get a 401 response.
If I write this iRule, it works, but the user agent has to not send the 4 cookies it received, because the session can't be matched (I guess), or I have to kill the session on the server side.
And when the token is expired (with the iRule enabled), I do not get a 401 response (like I want!) but a code 200 with the BIG-IP logout page.
I would like to have 401 responses when the JWT token is expired and not to have to manually remove cookies.
Thank you very much for your help.
