Skip to Content

Why we need 'Bearer' before token in 'Authorization' header?

Posted on

This is the answer from StackOverFlow

The Authorization: <type> <credentials> pattern was introduced by the W3C in HTTP 1.0, and has been reused in many places since. Many web servers support multiple methods of authorization. In those cases sending just the token isn’t sufficient.

Sites that use the

Authorization : Bearer cn389ncoiwuencr

format are most likely implementing OAuth 2.0 bearer tokens.The OAuth 2.0 Authorization Framework sets a number of other requirements to keep authorization secure, for instance requiring the use of HTTPS/TLS.

If you’re integrating with a service that is using OAuth 2.0 it is a good idea to get familiar with the framework so that the flow you’re using is implemented correctly, and avoiding unnecessary vulnerabilities. There are a number of good tutorials available online.

comments powered by Disqus