Why is 'Bearer' required before the token in 'Authorization' header in a HTTP request
genkio opened this issue · 0 comments
genkio commented
The Authorization: pattern was introduced by the W3C in HTTP 1.0, and has been reused in many places since. Many web servers support multiple methods of authorization. In those cases sending just the token isn't sufficient.
Sites that use the Authorization : Bearer cn389ncoiwuencr
format are most likely implementing OAuth 2.0 bearer tokens.The OAuth 2.0 Authorization Framework sets a number of other requirements to keep authorization secure, for instance requiring the use of HTTPS/TLS.