OAuth2 handler should return 401 when access token is missing or invalid
see https://tools.ietf.org/html/rfc6750#section-3
The current behavior is to redirect to the portal
see https://tools.ietf.org/html/rfc6750#section-3
The current behavior is to redirect to the portal