bearer token

From IndieWeb

bearer token is a type of token that authenticates whoever presents it (its “bearer”): possession alone is sufficient, so anyone who obtains the token can use it. It is the most common token type in OAuth 2.0.

Bearer token usage is defined by RFC 6750: OAuth 2.0 Bearer Token Usage. The exact definition reads:

A security token with the property that any party in possession of the token (a “bearer”) can use the token in any way that any other party in possession of it can. Using a bearer token does not require a bearer to prove possession of cryptographic key material (proof-of-possession).

Technological definition

It is important to note that RFC 6750 limits the character set of a bearer token as it appears in the HTTP Authorization header (ABNF from section 2.1 of the RFC):

     b64token    = 1*( ALPHA / DIGIT /
                       "-" / "." / "_" / "~" / "+" / "/" ) *"="
     credentials = "Bearer" 1*SP b64token
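As an added illustration (not from this wiki page or any IndieWeb project), the ABNF above transcribed into a small Python parser that a resource server could use to validate an incoming Authorization header before looking a token up. It assumes that "Bearer" is matched case-insensitively, as RFC 5234 defines for ABNF literal strings, and that 1*SP means ASCII space only, not tab; the sample header values are constructed except for the RFC's own example token.

```python
import re
from typing import Optional

# RFC 6750 section 2.1 ABNF, transcribed into a regular expression.
# "Bearer" is an ABNF literal string, which RFC 5234 makes case-insensitive,
# so the scheme name matches in any case; the token characters are exact.
_BEARER_CREDENTIALS = re.compile(
    r"\A(?i:bearer)"            # credentials = "Bearer" ...
    r" +"                       # 1*SP: one or more ASCII SP (0x20); HTAB is not SP
    r"([A-Za-z0-9\-._~+/]+=*)"  # b64token: 1*( ALPHA / DIGIT / "-" "." "_" "~" "+" "/" ) *"="
    r"\Z"                       # nothing may follow the token (no trailing newline)
)


def parse_bearer_authorization(header_value: str) -> Optional[str]:
    """Return the b64token from an Authorization header value, or None.

    None means the value is not well-formed Bearer credentials under RFC 6750.
    A resource server should then answer 401 with a WWW-Authenticate: Bearer
    challenge rather than attempt a token lookup on malformed input.
    """
    match = _BEARER_CREDENTIALS.match(header_value)
    return match.group(1) if match else None


# Constructed sample header values mapped to the expected parse result.
# The first token is the example from RFC 6750 section 2.1; the rest are made up.
SAMPLE_HEADERS = {
    "Bearer mF_9.B5f-4.1JqM": "mF_9.B5f-4.1JqM",  # canonical form
    "bearer abc==": "abc==",                      # scheme case-insensitive, "=" padding at end
    "Bearer   abc": "abc",                        # 1*SP allows several spaces
    "Bearer": None,                               # no token at all
    "Bearer\tabc": None,                          # tab is not SP
    "Bearer abc def": None,                       # space inside the token
    "Bearer a=b": None,                           # "=" only permitted as trailing padding
    "Bearer ==": None,                            # at least one non-"=" character required
    "Basic abc": None,                            # wrong scheme
}


def check_samples() -> bool:
    """Return True when every constructed sample parses as expected."""
    return all(parse_bearer_authorization(h) == want for h, want in SAMPLE_HEADERS.items())


if __name__ == "__main__":
    for header, want in SAMPLE_HEADERS.items():
        print(f"{header!r:28} -> {parse_bearer_authorization(header)!r}")
```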