TL;DR: If a bearer-token request hits an endpoint with route-model-binding but with an incorrect token, the response should be 401 instea
401
