const c = parseWWWAuthenticate(
'Bearer realm="api", error="invalid_token", resource_metadata="https://api.example.com/.well-known/oauth-protected-resource"'
);
// c.scheme === 'bearer'
// c.error === 'invalid_token'
// c.resource_metadata === 'https://api.example.com/.well-known/oauth-protected-resource'
Parse a
WWW-Authenticateheader into its auth-scheme and parameters.Handles the single-challenge case used by MCP servers in practice: one scheme (typically
Bearer) followed by comma-separatedkey=valueorkey="value"auth-params. Returnsnullfor an empty or malformed header.Quoted-string values may contain escaped quotes (
\") and backslashes (\\), per RFC 9110 §5.6.4; these are unescaped on the way out.