
Is OAuth2 Authorization header with "Bearer [access_token]" standard?


Question regarding the OAuth2 Authorization header,

Some sites use Authorization: Bearer [access_token]

but some sites use Authorization: OAuth [access_token].

So are both of them valid according to the OAuth2 spec, based on https://www.rfc-editor.org/rfc/rfc6750?


Solution

  • Authorization: Bearer [access_token] is defined in RFC 6750, but Authorization: OAuth [access_token] is not.

    You can find Authorization: OAuth ... in RFC 5849 (The OAuth 1.0 Protocol). Note that RFC 5849 is obsoleted.
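
An added example, not part of the original answer: a resource-server check that accepts only the RFC 6750 `Bearer` scheme and treats `Authorization: OAuth ...` as an unsupported authentication method. The function name `parse_authorization` and the sample header values are constructed for illustration.

```python
import re

# RFC 6750 section 2.1:
#   credentials = "Bearer" 1*SP b64token
#   b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def parse_authorization(header_value):
    """Classify an Authorization header value on an OAuth 2.0 resource server.

    Returns (status, token, challenge):
      (None, token, None)  syntactically valid Bearer credentials; the token
                           itself must still be validated by the caller
      (401, None, ...)     no credentials, or a scheme other than Bearer
      (400, None, ...)     Bearer scheme present but the token is malformed
    """
    if not header_value or not header_value.strip():
        return 401, None, "Bearer"
    scheme, _, rest = header_value.strip().partition(" ")
    # HTTP auth scheme names are case-insensitive, so "bearer" is accepted.
    if scheme.lower() != "bearer":
        # RFC 6750 section 3.1: for an unsupported authentication method the
        # challenge carries no error code. "OAuth" (RFC 5849) ends up here.
        return 401, None, "Bearer"
    token = rest.strip(" ")
    if not _B64TOKEN.fullmatch(token):
        return 400, None, 'Bearer error="invalid_request"'
    return None, token, None


if __name__ == "__main__":
    # Constructed sample header values.
    samples = [
        "Bearer mF_9.B5f-4.1JqM",
        "OAuth mF_9.B5f-4.1JqM",
        "bearer abc==",
        "Bearer",
        "Bearer two tokens",
        None,
    ]
    for value in samples:
        print(repr(value), "->", parse_authorization(value))
```

The `challenge` value is what the server would send back in `WWW-Authenticate`; a returned token has only passed the syntax check.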