Orchardcore: Remove the localized error descriptions from the authorization controller

Created on 14 Nov 2020 · 7 Comments · Source: OrchardCMS/OrchardCore

I'm using an API controller with authentication. My OC site default culture is Spanish. If I make a request using an expired access token as the authorization header, I get a 500 internal error as the status code instead of the 401 with the localized error_description in the header.

This is the error I get:

System.InvalidOperationException: Invalid non-ASCII or control character in header: 0x00E1
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.ThrowInvalidHeaderCharacter(Char ch)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.ValidateHeaderValueCharacters(StringValues headerValues)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpResponseHeaders.SetValueFast(String key, StringValues value)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.Microsoft.AspNetCore.Http.IHeaderDictionary.set_Item(String key, StringValues value)
at Microsoft.AspNetCore.Http.ParsingHelpers.SetHeaderUnmodified(IHeaderDictionary headers, String key, Nullable`1 values)
at Microsoft.AspNetCore.Http.ParsingHelpers.AppendHeaderUnmodified(IHeaderDictionary headers, String key, StringValues values)
at OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers.AttachWwwAuthenticateHeader`1.HandleAsync(TContext context)
at OpenIddict.Validation.OpenIddictValidationDispatcher.DispatchAsyncTContext
at OpenIddict.Validation.OpenIddictValidationDispatcher.DispatchAsyncTContext
at OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandler.HandleChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at OrchardCore.Diagnostics.DiagnosticsStartupFilter.<>c__DisplayClass3_0.<b__1>d.MoveNext() in /Users/user/Desktop/OrchardCore-dev/src/OrchardCore.Modules/OrchardCore.Diagnostics/DiagnosticsStartupFilter.cs:line 34

This happens because OpenIdDict is returning a 401 status code and inserting a header with the key WWW-Authenticate and the error description as its value, like this:
image
Because I'm using Spanish culture (es-ES), the localized error_description is "el token no es válido". That "á" character being inserted in the header makes the Kestrel code fail and return an internal server error to my request instead.

Repro steps:

  • I downloaded the repo and used the latest bits from the dev branch. I created a new site.
  • Enabled the OpenId.Server, OpenId.TokenValidation and OrchardCore.Contents features.
  • I changed the site default culture to es-ES.
  • I set up OpenId to get a valid token using the password flow. I waited for the token to expire.
  • I called the OrchardContents controller using the GET method with the URL http://localhost:5000/api/content/5 and my expired token. This controller uses authentication (I cheated a bit on this one because I removed the AllowAnonymous attribute in the code of the controller to test it faster). Then I got the error. I attach the call:
    image

Thanks for the attention. I'm not sure if I should report it on the OpenIdDict repo instead, but since it happened using Orchard code I thought I should report it here.
Also, I would like to know if there is a way to use Spanish (or any other culture) as the default culture of the site but get the OpenId authentication error_descriptions without being localized.

OpenId bug

All 7 comments

@kevinchalet should this be reported in OpenIdDict?

Yeah, please post it on https://github.com/openiddict/openiddict-core 👍

Or you could move it @kevinchalet coz you have access to both repos ;)

@hishamco unfortunately, you can't move issues between 2 repos belonging to different organizations 😭

Oh really, I thought you can, thanks for the confirmation :(

Sorry for the inconvenience. Reported the issue on OpenIdDict https://github.com/openiddict/openiddict-core/issues/1164

To fix that, we had to remove localized error descriptions from OpenIddict 3.0 rc1. We'll need to do a similar thing with the error returned by AccessController.cs when migrating to 3.0 rc1.
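
An added example, not code from OrchardCore or OpenIddict: a C# helper that checks an error_description against the character set RFC 6750 section 3 allows in a WWW-Authenticate challenge and falls back to an invariant description when the localized one (such as the es-ES text from the report) does not fit. `BearerChallenge`, its methods and the English fallback text are hypothetical.

```csharp
using System;
using System.Linq;

// Added example; BearerChallenge and its members are hypothetical names.
public static class BearerChallenge
{
    // RFC 6750 section 3: error and error_description may only contain
    // %x20-21 / %x23-5B / %x5D-7E (printable ASCII except '"' and '\').
    public static bool IsHeaderSafe(string value) =>
        value.All(c => c == 0x20 || c == 0x21 ||
                       (c >= 0x23 && c <= 0x5B) ||
                       (c >= 0x5D && c <= 0x7E));

    // Builds the WWW-Authenticate value. A localized description that is not
    // header-safe is replaced by the invariant one, so the non-ASCII text
    // never reaches the server's header validation.
    public static string Build(string error, string localized, string invariant)
    {
        if (!IsHeaderSafe(error) || !IsHeaderSafe(invariant))
            throw new ArgumentException("error and invariant description must be RFC 6750 safe");

        var description = IsHeaderSafe(localized) ? localized : invariant;
        return $"Bearer error=\"{error}\", error_description=\"{description}\"";
    }

    public static void Main()
    {
        // Constructed sample: the es-ES description from the report (contains U+00E1)
        // and a constructed English fallback.
        var header = Build("invalid_token", "el token no es válido", "The token is not valid.");
        Console.WriteLine(header);
    }
}
```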

Was the master branch updated to use the 5.0 .NET SDK?
