Explain Authorization Bearer.

805    Asked by ankur_3579 in Cyber Security , Asked on Apr 1, 2022

What exactly is the difference between following two headers:

Authorization : Bearer cn389ncoiwuencr vs Authorization : cn389ncoiwuencr

All the sources which I have gone through, set the value of the 'Authorization' header as 'Bearer' followed by the actual token. However, I have not been able to understand the significance of it. What if I simply put the token in the Authorization header?

Answered by Anisha Dalal

The Authorization: pattern was introduced by the W3C in HTTP 1.0, and has been reused in many places since. Many web servers support multiple methods of authorization. In those cases sending just the token isn't sufficient.


Sites that use the Authorization Bearer cn389ncoiwuencr formats are most likely implementing OAuth 2.0 bearer tokens.The OAuth 2.0 Authorization Framework sets a number of other requirements to keep authorization secure, for instance requiring the use of HTTPS/TLS. If you're integrating with a service that is using OAuth 2.0 it is a good idea to get familiar with the framework so that the flow you're using is implemented correctly, and avoiding unnecessary vulnerabilities. There are a number of good tutorials available online.



Your Answer

Interviews

Parent Categories