Red Hat

OAuth Bearer Tokens

IETF OAuth2 Bearer Tokens are described in RFC 6750.

What are OAuth Bearer Tokens?

Bearer tokens grant access to the resources they identify to whoever presents them. Unlike proof-of-possession (holder-of-key) tokens, the party presenting the token (the bearer) does not have to demonstrate possession of a cryptographic key, so any party that obtains a copy of the token can use it as if it were the legitimate client.

Because of this, bearer tokens MUST be protected both in storage and in transit.

Requirements (RFC 6750 uses RFC 2119 key words: MUST items are mandatory, SHOULD items are strong recommendations)

  1. TLS MUST be used for every request that carries a bearer token, with server certificate validation (RFC 6750 Section 5.1).

  2. The access token response MUST set token_type to "Bearer" (Section 4).

  3. The authorization server SHOULD issue short-lived, scoped bearer tokens; longer-lived access is obtained through refresh tokens rather than long-lived access tokens (Section 5.2).

  4. Bearer tokens SHOULD NOT be passed as URI query parameters, since URLs end up in browser history, server logs and Referer headers; the query method is only for clients that can use neither the header nor the form-encoded body (Section 2.3).

  5. The resource server MUST include the HTTP "WWW-Authenticate" response header field in any response to a request that carries no credentials or an invalid token, e.g. WWW-Authenticate: Bearer realm="example", error="invalid_token" (Section 3).

  6. Clients SHOULD pass the bearer token in the HTTP "Authorization" request header field (Authorization: Bearer <token>), and resource servers MUST support this method (Section 2.1).
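The following is an added example, not code from the original page or from Red Hat, showing how a resource server applies the rules above: it accepts the token only from the Authorization header, rejects tokens sent as query parameters (stricter than RFC 6750, which merely discourages them), checks the b64token syntax from Section 2.1, enforces expiry and scope, and builds the WWW-Authenticate challenge from Section 3 with the error codes invalid_request, invalid_token and insufficient_scope. The token store, realm name and token values are constructed for the example; a real server would validate a signed token or call the authorization server's introspection endpoint instead.

```python
import re

# RFC 6750 Section 2.1: b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")

# Constructed sample token store (assumption): maps a token to its scope and
# absolute expiry (Unix seconds). A real resource server would verify a signed
# token or introspect it at the authorization server.
TOKEN_STORE = {
    "mF_9.B5f-4.1JqM": {"scope": {"read", "write"}, "expires_at": 2_000_000_000},
    "expired.token": {"scope": {"read"}, "expires_at": 1_000_000_000},
}

REALM = "example"  # assumed realm name for the challenge


def build_challenge(error=None, description=None, scope=None):
    """Build the WWW-Authenticate value required by RFC 6750 Section 3.

    With no error the challenge is just 'Bearer realm="..."', which is what a
    request without any credentials must receive (Section 3.1).
    """
    parts = [f'Bearer realm="{REALM}"']
    if error:
        parts.append(f'error="{error}"')
    if description:
        parts.append(f'error_description="{description}"')
    if scope:
        parts.append(f'scope="{" ".join(sorted(scope))}"')
    return ", ".join(parts)


def authorize(headers, query, required_scope, now):
    """Decide whether a protected-resource request is authorized.

    headers: dict of request headers (looked up case-insensitively)
    query:   dict of parsed query-string parameters
    now:     current time in Unix seconds
    Returns (http_status, www_authenticate_value_or_None, token_info_or_None).
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    auth = hdrs.get("authorization")

    # Policy choice for this example: a token in the query string is rejected
    # outright instead of being accepted as Section 2.3 allows.
    if "access_token" in query:
        return 400, build_challenge("invalid_request",
                                    "send the token in the Authorization header"), None

    if auth is None:
        # No credentials at all: challenge without an error code (Section 3.1).
        return 401, build_challenge(), None

    scheme, _, credentials = auth.partition(" ")
    token = credentials.strip()
    # Auth scheme names are case-insensitive; the token must be a b64token.
    if scheme.lower() != "bearer" or not B64TOKEN.match(token):
        return 400, build_challenge("invalid_request",
                                    "malformed Authorization header"), None

    info = TOKEN_STORE.get(token)
    if info is None or info["expires_at"] <= now:
        # Unknown, revoked or expired token: 401 + invalid_token (Section 3.1).
        return 401, build_challenge("invalid_token",
                                    "token is expired, revoked or unknown"), None

    if not required_scope <= info["scope"]:
        # Valid token, but it does not carry the scope this resource needs:
        # 403 + insufficient_scope, telling the client which scope is needed.
        return 403, build_challenge("insufficient_scope", scope=required_scope), None

    return 200, None, info


if __name__ == "__main__":
    now = 1_500_000_000
    for hdrs, q, scope in [
        ({"Authorization": "Bearer mF_9.B5f-4.1JqM"}, {}, {"read"}),
        ({}, {}, {"read"}),
        ({"Authorization": "Bearer expired.token"}, {}, {"read"}),
        ({"Authorization": "Bearer mF_9.B5f-4.1JqM"}, {}, {"admin"}),
        ({}, {"access_token": "mF_9.B5f-4.1JqM"}, {"read"}),
    ]:
        status, challenge, _ = authorize(hdrs, q, scope, now)
        print(status, challenge)
```

The status codes follow Section 3.1 of RFC 6750: a missing or malformed request gets 400 invalid_request (or a bare 401 challenge when no credentials were sent at all), an expired or unknown token gets 401 invalid_token, and a token that is valid but lacks the required scope gets 403 insufficient_scope with the needed scope listed so a well-behaved client can re-request authorization.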

Potential Types of OAuth Bearer Tokens
