I moved from beta5 to beta7 of ASP.NET vNext and I get the following error when I try to access a protected API controller with an invalid JWT token or without a token at all:
InvalidOperationException: The following authentication scheme was not accepted: Microsoft.AspNet.Http.Authentication.Internal.DefaultAuthenticationManager.d__10.MoveNext()
If I try to access the protected controller with a valid token, I can successfully get a response.
Here is my protected controller:

    [Authorize]
    [Route("api/protected")]
    public class ProtectedController : Controller
    {
        [Route("")]
        public IEnumerable<object> Get()
        {
            var identity = User.Identity as ClaimsIdentity;
            return identity.Claims.Select(c => new { Type = c.Type, Value = c.Value });
        }
    }

Here is my Startup class:

    public class Startup
    {
        public Startup(IHostingEnvironment env)
        {
        }

        public static IConfiguration Configuration { get; set; }

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();
        }

        // Configure is called after ConfigureServices is called.
        public void Configure(IApplicationBuilder app, IApplicationEnvironment env)
        {
            ConfigureOAuthTokenConsumption(app);
            app.UseMiddleware<StaticFileMiddleware>(new StaticFileOptions());
            app.UseErrorPage();
            app.UseMvc();
        }

        private void ConfigureOAuthTokenConsumption(IApplicationBuilder app)
        {
            // Api controllers with an [Authorize] attribute will be validated with JWT
            app.UseOwin(addToPipeline =>
            {
                addToPipeline(next =>
                {
                    var appBuilder = new AppBuilder();
                    appBuilder.Properties["builder.DefaultApp"] = next;

                    var issuer = Settings.Issuer;
                    var audience = Settings.Audience;
                    var secret = TextEncodings.Base64Url.Decode(Settings.Secret);

                    appBuilder.UseJwtBearerAuthentication(
                        new JwtBearerAuthenticationOptions
                        {
                            AuthenticationMode = AuthenticationMode.Active,
                            AllowedAudiences = new[] { audience },
                            IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
                            {
                                new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
                            },
                        });

                    return appBuilder.Build<AppFunc>();
                });
            });
        }
    }

When I was on beta5 it worked OK. I got a 401 response when I requested the protected controller without a valid token, and that was the correct behavior. Do I need to change the JWT token consumption configuration in ASP.NET vNext beta7?