send
fun HttpServletResponse.sendUnauthorized(code: String, reason: String, wwwAuthenticate: String? = null)
Write a 401 Unauthorized response with a compact JSON body and optional WWW-Authenticate header.
Body shape: {"code":"
Parameters
code
short machine-friendly string (e.g., "invalid_dpop", "cnf_mismatch")
reason
human-readable explanation
www
optional value for the WWW-Authenticate header (e.g., "DPoP")