Closed
Description
My API works with a Bearer JWT token, and when I tried to enable security validation I found a few issues. One is already reported in #223 and I'm glad to see that it's already fixed (thank you for that). The second issue is in the same `HttpProvider` class and refers to the handling of header parameters, specifically the `Authorization` header: it's not case-insensitive, but it should be, according to RFC 2616 and RFC 7230.
And indeed, in my server logic this header field is upper-cased, so the current HTTP provider implementation raises an error for my valid JWT token.
The fix should be pretty simple:
```python
headers = {k.lower(): v for k, v in request.parameters.header.items()}
auth_header = headers.get('authorization')
if auth_header is None:
    raise SecurityError('Missing authorization header.')
```
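A self-contained sketch of the case-insensitive lookup proposed above, added here as an example and not taken from the issue or the project's code; `find_header`, `get_bearer_token` and the local `SecurityError` are hypothetical names. It goes slightly beyond the proposed fix by rejecting headers that differ only in case but carry different values, and by matching the `Bearer` scheme case-insensitively.

```python
from typing import Mapping, Optional


class SecurityError(Exception):
    """Local stand-in for the library's exception (assumption)."""


def find_header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup that refuses conflicting duplicates."""
    wanted = name.lower()
    values = {v for k, v in headers.items() if k.lower() == wanted}
    if len(values) > 1:
        # "Authorization" and "AUTHORIZATION" with different values: a plain
        # lower-casing dict comprehension would silently keep the last one.
        raise SecurityError('Conflicting %s headers.' % name)
    return values.pop() if values else None


def get_bearer_token(headers: Mapping[str, str]) -> str:
    """Return the bearer token, or raise SecurityError if absent/malformed."""
    auth_header = find_header(headers, 'Authorization')
    if auth_header is None:
        raise SecurityError('Missing authorization header.')
    scheme, _, token = auth_header.strip().partition(' ')
    token = token.strip()
    # The auth scheme name is case-insensitive as well (RFC 7235).
    if scheme.lower() != 'bearer' or not token:
        raise SecurityError('Unsupported or malformed authorization header.')
    return token


if __name__ == '__main__':
    # Constructed sample request headers; the token is a placeholder.
    sample = {'AUTHORIZATION': 'Bearer aaa.bbb.ccc', 'Accept': '*/*'}
    print(get_bearer_token(sample))
```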
Activity
p1c2u commented on Apr 11, 2020
@stojan-jovic thank you for reporting the issue.
stojan-jovic commented on Apr 11, 2020
Thank you very much for the quick fix, respect!