What is the Bearer Token in OAuth?

About

A bearer token is the access token implementation defined for the OAuth 2.0 Authorization Framework by the OAuth 2.0 Bearer Token Usage specification.

  • Bearer tokens are the predominant type of access token used with OAuth 2.0.
  • They give a stateless authentication mechanism: no user session state is kept in server memory, because every request carries the token itself.

Format

A Bearer Token is an opaque string, not intended to have any meaning to clients using it.

The specification does not require any particular structure for the token. You can generate and implement tokens however you want.

The token may be:

  • structured, such as a JSON Web Token (JWT) or another self-encoded token,
  • or unstructured, such as a hexadecimal nonce that is stored in a database along with the associated user and scope information.

The valid characters are:

  • alphanumeric characters,
  • and the following punctuation characters: - . _ ~ + /
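As an added example (not code from the original page), the following Python generates an unstructured token, checks a string against the token character rules given above, and tells a structured (JWT) token apart from an opaque one. It assumes the b64token grammar of RFC 6750 section 2.1, which also permits trailing "=" padding; the function names, the sample JWT and the classification heuristic are this example's own.

```python
import base64
import json
import re
import secrets

# Assumption: RFC 6750 §2.1 b64token grammar, i.e. one or more of
# ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" followed by optional "=" padding.
B64TOKEN_RE = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


def is_valid_bearer_syntax(token: str) -> bool:
    """True if the string is syntactically a bearer token (b64token)."""
    return bool(B64TOKEN_RE.fullmatch(token))


def new_opaque_token(nbytes: int = 32) -> str:
    """Generate an unstructured (opaque) bearer token.

    secrets.token_urlsafe draws nbytes from the OS CSPRNG and encodes them as
    URL-safe base64 (A-Z a-z 0-9 - _) without padding, so the result already
    satisfies the b64token character set. The server must store it with the
    associated user and scope, since the string itself carries no meaning.
    """
    return secrets.token_urlsafe(nbytes)


def _b64url(data: bytes) -> str:
    """base64url without padding, as used by JWS compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample of a structured token: header.payload.signature in JWS
# compact form. The signature segment is a placeholder, not a real MAC.
SAMPLE_JWT = ".".join([
    _b64url(json.dumps({"alg": "HS256"}).encode()),
    _b64url(json.dumps({"sub": "alice", "scope": "read"}).encode()),
    _b64url(b"placeholder-signature"),
])


def classify(token: str) -> str:
    """Heuristic (this example's own): a token with three dot-separated
    segments whose first segment decodes to a JSON object carrying "alg"
    is treated as a structured JWT; anything else that passes the syntax
    check is treated as opaque."""
    if not is_valid_bearer_syntax(token):
        return "invalid"
    parts = token.split(".")
    if len(parts) == 3:
        try:
            padded = parts[0] + "=" * (-len(parts[0]) % 4)
            header = json.loads(base64.urlsafe_b64decode(padded))
            if isinstance(header, dict) and "alg" in header:
                return "structured-jwt"
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            pass
    return "opaque"


if __name__ == "__main__":
    tok = new_opaque_token()
    print(tok, classify(tok))
    print(SAMPLE_JWT, classify(SAMPLE_JWT))
```

Note that classify only inspects the shape of the token; a resource server that accepts structured tokens still has to verify the signature and claims, and one that issues opaque tokens still has to look each one up in its store.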

Usage

Any party in possession of a bearer token (a bearer) can use it to get access to the associated resources, without demonstrating possession of a cryptographic key, because the token is:

  • either self-contained (a structured token such as a JWT that the resource server can verify on its own),
  • or known by the authorization server (an unstructured token that is looked up in its store).

Authorization header

You will find it in the Authorization header of an HTTP request:

Authorization: Bearer <token>
Authorization: Bearer some+base64+string
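As an added example (not code from the original page), here is the receiving side: a resource server parsing the Authorization header, looking the opaque token up in a store and answering with the error codes that RFC 6750 defines for its WWW-Authenticate challenge (invalid_request, invalid_token, insufficient_scope). The in-memory store, the token values and the function names are constructed for this example; it assumes the header grammar "Bearer" followed by one or more spaces and a b64token, with a case-insensitive scheme name.

```python
import hmac
import re
import time
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: RFC 6750 §2.1 credentials = "Bearer" 1*SP b64token; the scheme
# name is matched case-insensitively as HTTP authentication schemes are.
_BEARER_RE = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)


@dataclass
class TokenRecord:
    subject: str
    scope: frozenset
    expires_at: float


# Constructed in-memory store standing in for the authorization server's
# database: an unstructured token is looked up, never decoded.
TOKEN_STORE = {
    "mF_9.B5f-4.1JqM": TokenRecord("alice", frozenset({"read"}), time.time() + 3600),
    "expired-token-0001": TokenRecord("bob", frozenset({"read", "write"}), time.time() - 1),
}


def extract_bearer_token(headers: dict) -> Tuple[Optional[str], Optional[str]]:
    """Return (token, error). error is None, or the RFC 6750 error code the
    server should put in its WWW-Authenticate challenge."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    value = lowered.get("authorization")
    if value is None:
        return None, None  # no credentials at all: bare challenge, no error code
    m = _BEARER_RE.match(value.strip())
    if not m:
        return None, "invalid_request"  # wrong scheme or malformed token
    return m.group(1), None


def lookup_token(token: str, store=TOKEN_STORE, now: Optional[float] = None):
    """Look the presented token up. The whole store is scanned with a
    constant-time comparison so a near-miss token is not distinguishable
    from a random one by timing."""
    now = time.time() if now is None else now
    found = None
    for stored, rec in store.items():
        if hmac.compare_digest(stored.encode(), token.encode()):
            found = rec
    if found is None or found.expires_at <= now:
        return None, "invalid_token"
    return found, None


def authorize(headers: dict, required_scope: str, store=TOKEN_STORE, now=None):
    """Resource-server check for one request.
    Returns (http_status, subject or None, WWW-Authenticate value or None)."""
    token, err = extract_bearer_token(headers)
    if err:
        return 400, None, f'Bearer realm="api", error="{err}"'
    if token is None:
        return 401, None, 'Bearer realm="api"'
    rec, err = lookup_token(token, store, now)
    if err:
        return 401, None, f'Bearer realm="api", error="{err}"'
    if required_scope not in rec.scope:
        return 403, None, f'Bearer realm="api", error="insufficient_scope", scope="{required_scope}"'
    return 200, rec.subject, None


if __name__ == "__main__":
    print(authorize({"Authorization": "Bearer mF_9.B5f-4.1JqM"}, "read"))
    print(authorize({"Authorization": "Basic dXNlcjpwYXNz"}, "read"))
    print(authorize({}, "read"))
```

Because anyone holding the token can use it, the store should hold a keyed hash of each token rather than the token itself in a real deployment, and expiry and scope must be enforced on every request, as the example does.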

Glossary

Bearer-Only

When authentication is bearer-only, the request must carry the token in an Authorization header.