bearer token

From IndieWeb

A bearer token is a type of token that identifies whoever knows it (its “bearer”). It is the most common authentication type in OAuth.

Bearer token usage is defined by RFC 6750: OAuth 2.0 Bearer Token Usage. The exact definition reads:

A security token with the property that any party in possession of the token (a “bearer”) can use the token in any way that any other party in possession of it can. Using a bearer token does not require a bearer to prove possession of cryptographic key material (proof-of-possession).

Technological definition

It is important to note that RFC 6750 limits the character set for a bearer token:

     b64token    = 1*( ALPHA / DIGIT /
                       "-" / "." / "_" / "~" / "+" / "/" ) *"="
     credentials = "Bearer" 1*SP b64token
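
The grammar above as a strict check on an `Authorization` header value. This is an added example, not code from the IndieWeb wiki or from RFC 6750; the function name and sample header values are constructed for illustration. It relies on ABNF string literals being case-insensitive (RFC 5234), so `bearer` is accepted as the scheme.

```python
import re
from typing import Optional

# b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = r"[A-Za-z0-9\-._~+/]+=*"

# credentials = "Bearer" 1*SP b64token
# ABNF literals are case-insensitive, so only the scheme gets (?i:...).
# SP is the single octet 0x20: tabs and line breaks are not separators.
CREDENTIALS = re.compile(r"(?i:Bearer)\x20+(" + B64TOKEN + r")", re.ASCII)


def extract_bearer_token(header_value: str) -> Optional[str]:
    """Return the token if header_value matches `credentials`, else None.

    fullmatch() is used instead of match()/`$` so that a trailing newline
    or any other trailing octet causes rejection rather than being ignored.
    """
    m = CREDENTIALS.fullmatch(header_value)
    return m.group(1) if m else None


# Constructed Authorization header values (not real tokens).
SAMPLES = [
    "Bearer abc123-._~+/==",   # every allowed character class, with padding
    "bearer   abc123",         # lower-case scheme, several spaces
    "Bearer abc 123",          # space inside the token
    "Bearer ab=c",             # "=" is only allowed as trailing padding
    "Bearer\tabc123",          # tab is not SP
    "Bearer abc123\r\n",       # header-splitting characters
    "Bearer ",                 # empty token
    "Basic abc123",            # different scheme
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", extract_bearer_token(value))
```

Only the first two samples yield a token; rejecting the rest before any token lookup keeps whitespace, control characters and misplaced padding out of logs and storage queries.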
