stackoom
  简体   繁体   中英

Does the “Bearer” Authorization header have any special meaning?

 原文  2016-03-09 01:39:05       http/ oauth/ header

Question

Is there a difference between using a "Bearer" Authorization header and using a custom header? For example, the "Basic" Authorization header is different from a custom header because browsers treat "Basic" Authorization headers as a special case (some browsers cache the "Basic" Authorization header). In other words, is "Bearer" just an arbitrary string or do browsers know about it?

If I don't want future browsers to cache my bearer token, should I be safe and use a custom header?

For example, is there a difference between these (assuming my server can handle both): 

header('Authorization: Bearer 12345');
header('Mysite-Bearer-Token: 12345');

1 answers

solution1
 2  2016-03-18 09:20:57

Bearer token is defined by OAuth 2.0. You can get more details from http://tools.ietf.org/html/rfc6750 .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Does an HTTP Status code of 0 have any meaning? HTTP Authorization Header - Bearer token security How to add a “Authorization=Bearer” header with Indy in Delphi? HTTP GET : Header (Authorization : Bearer Token) Why the authentication scheme of GitHub Oauth2 Authorization header is 'token' not 'Bearer'? Why is 'Bearer' required before the token in 'Authorization' header in a HTTP request? Can I use both of Basic and Bearer in Authorization header? Why Doesn't my Authorization Header need "Bearer"? Does it make sense for server to return Authorization header Authorization header
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM