Bearer tokens
Bearer tokens are a type of security token used to access protected resources in modern authorization frameworks. A bearer token serves as proof of authorization; possession of the token is enough to obtain access, without the need to prove the holder’s identity beyond the token itself. Clients present the token to the resource server using the HTTP Authorization header with the scheme Bearer, for example: Authorization: Bearer <token>. In some flows, tokens may also be sent in other places, but sending tokens in URLs is discouraged due to leakage in logs and referer headers.
Bearer tokens are typically issued by an authorization server as part of OAuth 2.0 or OpenID Connect.
Bearer tokens are usually short-lived and may be accompanied by refresh tokens to obtain new access tokens.
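The header presentation and the URL-leakage concern described above, as an added example (not code from the original page) of how a resource server might parse the Authorization header and keep tokens out of its logs. The function names, the refusal policy for URL tokens, and the sample values are assumptions of this example; the token syntax and the access_token query parameter name follow RFC 6750.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def extract_bearer_token(headers, url):
    """Return the bearer token from the Authorization header, or None.

    Policy assumed for this example: a token carried in the URL query is
    refused, because URLs end up in access logs and Referer headers.
    """
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if "access_token" in query:
        raise ValueError("bearer token in URL query is not accepted")
    # Header field names are case-insensitive.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return None
    scheme, _, credentials = value.partition(" ")
    if scheme.lower() != "bearer":  # auth scheme names are case-insensitive too
        return None
    token = credentials.strip(" ")
    if not _B64TOKEN.fullmatch(token):
        raise ValueError("malformed bearer credentials")
    return token


def redact_url_for_log(url):
    """Replace any access_token query value before the URL is written to a log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "access_token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed sample request; the host and token are placeholders.
    url = "https://api.example.test/v1/items?page=2"
    token = extract_bearer_token({"Authorization": "Bearer constructed.sample-token"}, url)
    print("token present:", token is not None)  # never print the token itself
    print(redact_url_for_log(url + "&access_token=constructed.sample-token"))
```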
See also: OAuth 2.0, JWT, OpenID Connect, token introspection.