OAuth 2.0 授权 Header

Question

I want to develop a SDK that encapsules the OAuth 2.0 functions. I have checked the differences between OAuth 1.0 & 2.0, and I have some confusion on Authorization Header ( 1.0 and 2.0 ), OAuth 1.0 protocol parameters can be transmitted using the HTTP "Authorization" header, but I can't find this described in current OAuth 2.0 draft.

Does OAuth 2.0 supports authorization headers?

In OAuth 1.0 your header would look like:

Authorization: OAuth realm="Example",
    oauth_consumer_key="0685bd9184jfhq22",
    oauth_token="ad180jjd733klru7",
    oauth_signature_method="HMAC-SHA1",
    oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
    oauth_timestamp="137131200",
    oauth_nonce="4572616e48616d6d65724c61686176",
    oauth_version="1.0"

Answer 1

对于那些寻找如何在标头中传递OAuth2授权（访问令牌）的示例（与使用请求或body参数相反），以下是它的完成方式：

Authorization: Bearer 0b79bab50daca910b000d4f1a2b675d604257e42

Answer 2

You can still use the Authorization header with OAuth 2.0. There is a Bearer type specified in the Authorization header for use with OAuth bearer tokens (meaning the client app simply has to present ("bear") the token). The value of the header is the access token the client received from the Authorization Server.

It's documented in this spec: https://tools.ietf.org/html/rfc6750#section-2.1

Eg:

   GET /resource HTTP/1.1
   Host: server.example.com
   Authorization: Bearer mF_9.B5f-4.1JqM

Where mF_9.B5f-4.1JqM is your OAuth access token.

Answer 3

I just want to specify that you can use "Property Expansion" in the header value as well to Automation your proccess.

( Actually i use a property transfer too, to transfer token into my TestSuite property and then as you can see return it with "${#TestSuite#token}" )

example:

Sources:

• pass a property as access token ,
• Accessing Property

Best regards community !