
IETF OAuth2 Bearer Tokens are described in RFC 6750.

Bearer Tokens

Bearer tokens are tokens that grant access to the resources they identify without requiring the entity presenting them (the bearer) to demonstrate possession of a cryptographic key (Proof of Possession). Whoever holds the token can use it.

The mandatory requirement that follows from this is that bearer tokens are protected both in storage and in transit.

Mandatory Requirements

  • TLS/SSL is mandatory.
  • The token_type parameter should be set to "Bearer".
  • Authorization servers SHOULD issue short-lived, scoped bearer tokens.
  • Bearer tokens SHOULD NOT be passed as URI query parameters.
  • The resource/authorization server MUST use the HTTP "WWW-Authenticate" response header field.
  • Clients MUST use the HTTP "Authorization" request header field to pass the bearer token to the server.
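As an added example (not code from this page or from RFC 6750), the following Python sketch of a resource server applies the rules above: it accepts the token only from the Authorization header, rejects the query-parameter method, checks expiry and scope, and answers with a WWW-Authenticate challenge carrying the RFC 6750 error codes. The in-memory TOKEN_STORE is constructed here to stand in for real token validation.

```python
import re
import time

# Constructed sample store standing in for the authorization server's token
# validation (opaque token -> expiry time and granted scopes). Not real tokens.
TOKEN_STORE = {
    "tok_live": {"expires_at": time.time() + 300, "scope": {"read"}},
    "tok_expired": {"expires_at": time.time() - 1, "scope": {"read", "write"}},
}

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$")


def extract_bearer_token(headers, query):
    """Return (token, error). Only the Authorization header is accepted."""
    if "access_token" in query:
        # This server does not support the query-parameter method, so a token
        # there is an unsupported parameter: invalid_request (RFC 6750 3.1).
        return None, "invalid_request"
    auth = headers.get("Authorization")  # simplified: case-sensitive lookup
    if auth is None:
        return None, None  # no credentials presented at all
    m = B64TOKEN.match(auth)
    if not m:
        return None, "invalid_request"  # wrong scheme or malformed token
    return m.group(1), None


def www_authenticate(realm, error=None, scope=None):
    """Build the WWW-Authenticate challenge value (RFC 6750 section 3)."""
    params = [f'realm="{realm}"']
    if error:
        params.append(f'error="{error}"')
    if scope:
        params.append(f'scope="{scope}"')
    return "Bearer " + ", ".join(params)


def authorize(headers, query, required_scope, realm="api"):
    """Return (status, response_headers) for a protected-resource request."""
    token, err = extract_bearer_token(headers, query)
    if err:
        return 400, {"WWW-Authenticate": www_authenticate(realm, err)}
    if token is None:
        return 401, {"WWW-Authenticate": www_authenticate(realm)}
    rec = TOKEN_STORE.get(token)
    if rec is None or rec["expires_at"] < time.time():
        return 401, {"WWW-Authenticate": www_authenticate(realm, "invalid_token")}
    if required_scope not in rec["scope"]:
        challenge = www_authenticate(realm, "insufficient_scope", required_scope)
        return 403, {"WWW-Authenticate": challenge}
    return 200, {}
```

The status codes follow RFC 6750 section 3.1: 400 for invalid_request, 401 for a missing or invalid token, 403 for insufficient_scope.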

Potential Types of Bearer Tokens

References
