为什么在HTTP请求中“授权”标头中的令牌之前需要“承载者”?
[英]Why is 'Bearer' required before the token in 'Authorization' header in a HTTP request?
问题描述
What exactly is the difference between following two headers: 
以下两个标头之间到底有什么区别:
Authorization : Bearer cn389ncoiwuencr
vs
Authorization : cn389ncoiwuencr
All the sources which I have gone through, sets the value of 'Authorization' header as 'Bearer' followed by the actual token. 我经过的所有来源都将“ Authorization”标头的值设置为“ Bearer”,后跟实际的令牌。 However, I have not been able to understand the significance of it. 但是,我无法理解它的重要性。 What if I simply put the token in the Authorization header? 如果我只是将令牌放在Authorization标头中怎么办?
1 个解决方案
解决方案1
2 2015-12-21 16:06:10
Then the service receiving the header would not know how to interpret it. 然后,接收标头的服务将不知道如何解释它。 Instead of bearer , it could also be basic for example in which case the encoded string is a base64 encoded username/password instead of a token. 代替不bearer ,它也可以是basic ,例如,在这种情况下,编码字符串是base64编码的用户名/密码,而不是令牌。
There are a number of authentication schemes possible. 有许多可能的身份验证方案。 Which one is used is indicated by the identifier in the header. 标头中的标识符指示使用了哪一个。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.