What should I pass for the WWW-Authenticate header on 401s if I'm only using OpenID?

Question

The HTTP spec states:

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-A

Answer 1

There is an OAuth Discovery spec that would indicate what to put into the WWW-Authenticate header -- if the spec were not obsolete without a replacement spec yet.