About
A bearer token is the type of OAuth access token defined by RFC 6750 (OAuth 2.0 Bearer Token Usage), a companion to the OAuth 2.0 Authorization Framework.
- Bearer tokens are the predominant type of access token used with OAuth 2.0.
- Bearer authentication is often described as stateless, but that only holds for self-contained tokens (such as a signed JWT) that the resource server can validate on its own. An opaque token still has to be looked up in the server-side store where it was recorded, so the state lives there rather than in a session.
Format
A bearer token is an opaque string as far as the client is concerned: it is not intended to have any meaning to the client using it.
The specification does not require any particular structure for the token 1). You can generate and implement it however you want.
The token may be:
- structured, such as a JSON Web Token (JWT) or another self-encoded token, where the claims are carried in the token itself and typically signed so the resource server can validate it without a lookup,
- or unstructured, such as a hexadecimal nonce that is stored in a database along with the associated user and scope information.
The valid characters (the b64token production of RFC 6750) are:
- alphanumeric,
- the punctuation characters -._~+/
- and trailing = padding.
Usage
Any party in possession of a bearer token (a bearer) can use it to get access to the associated resources, without demonstrating possession of a cryptographic key, because the token is either:
- self-contained, so the resource server can validate it locally (for example by checking the signature of a JWT),
- or known by the authorization server, which the resource server can ask to validate an opaque token (token introspection).
Because possession alone grants access, a bearer token must only travel over TLS, must not be written to logs or URLs, and should be short-lived.
Authorization header
You will find it in the Authorization header of an HTTP request:
Authorization: Bearer <token>
Authorization: Bearer some+base64+string
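The following is an added example (not code from the original page or from any OAuth library) of what a resource server does with that header: parse the Authorization value against the RFC 6750 syntax, then validate the token either locally, when it is a self-encoded HS256 JWT, or by lookup, when it is an opaque hex nonce. The shared key HS256_KEY, the in-memory OPAQUE_TOKENS dict standing in for the token database, and the sample user and scope values are all constructed for the example.

```python
"""Bearer token handling on a resource server (added example, not from the page).

Assumptions (not from the page): a hypothetical HMAC key HS256_KEY shared
between the authorization server and the resource server for self-encoded
JWTs, and an in-memory dict OPAQUE_TOKENS standing in for the database that
stores unstructured tokens with their user and scope.
"""
import base64
import hashlib
import hmac
import json
import re
import secrets
from typing import Optional

# RFC 6750 b64token: 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN_RE = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")
# credentials = "Bearer" 1*SP b64token ; the scheme name is case-insensitive
HEADER_RE = re.compile(r"^\s*Bearer +(\S+)\s*$", re.IGNORECASE)

# Hypothetical shared key, constructed for the example only.
HS256_KEY = b"example-shared-key-do-not-use"

# Constructed stand-in for the token database: hex nonce -> user/scope record.
OPAQUE_TOKENS = {
    "4f2d9c7be3a14b9d8c1e6f0a2b3c4d5e": {"sub": "alice", "scope": "read"},
}


def extract_bearer(header_value: Optional[str]) -> Optional[str]:
    """Return the token from an Authorization header value, or None.

    Rejects other schemes (Basic, ...) and tokens outside the b64token charset.
    """
    if not header_value:
        return None
    m = HEADER_RE.match(header_value)
    if not m:
        return None
    token = m.group(1)
    return token if B64TOKEN_RE.match(token) else None


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def mint_jwt(claims: dict) -> str:
    """Mint a self-encoded HS256 token (stands in for the authorization server)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(HS256_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def mint_opaque(user: str, scope: str) -> str:
    """Mint an unstructured token: a random hex nonce whose state lives server-side."""
    token = secrets.token_hex(16)
    OPAQUE_TOKENS[token] = {"sub": user, "scope": scope}
    return token


def verify_jwt(token: str) -> Optional[dict]:
    """Validate a structured token locally: no server-side lookup needed."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
        if header.get("alg") != "HS256":  # refuse "none" and every other alg
            return None
        expected = hmac.new(HS256_KEY, f"{parts[0]}.{parts[1]}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
            return None
        return json.loads(_b64url_decode(parts[1]))
    except ValueError:  # bad base64url or bad JSON
        return None


def resolve(token: str) -> Optional[dict]:
    """Structured tokens are verified locally, opaque ones are looked up."""
    if token.count(".") == 2:
        return verify_jwt(token)
    return OPAQUE_TOKENS.get(token)


def authorize(header_value: Optional[str], required_scope: str) -> Optional[dict]:
    """Full check for one request: header syntax, token validity, then scope."""
    token = extract_bearer(header_value)
    if token is None:
        return None
    claims = resolve(token)
    if claims is None or required_scope not in claims.get("scope", "").split():
        return None
    return claims
```

In a real deployment the dispatch on "two dots" would be replaced by whatever the authorization server guarantees about its token format, and opaque tokens would be validated through the server's introspection endpoint or a shared store rather than a module-level dict.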
Glossary
Bearer-Only
When an application is configured as bearer-only, it only accepts requests that carry a bearer token in the Authorization header and never starts a login flow (such as a browser redirect) itself; a request without a valid token is simply rejected.