Glossary: Bearer Token

A bearer token is a type of security token used in authentication and authorization. Its defining property is that any party that possesses it (the "bearer") is allowed to access the associated resources; the server does not verify who is presenting the token, only that the token itself is valid.

Here are some characteristics of bearer tokens:

  • They simplify authorization. The client sends the token with each request for a protected resource, typically in the HTTP Authorization header using the Bearer scheme (RFC 6750), in the form Authorization: Bearer <token>. The resource server validates the token and needs no further challenge or signature from the client.
  • They are not bound to the presenter. Whoever holds a bearer token, legitimate client or not, can use it to access the resources it protects; possession alone is proof. Bearer tokens must therefore be sent only over TLS, kept out of URLs, logs and browser-accessible storage where possible, and treated with the same care as a password. Where that risk is unacceptable, sender-constrained tokens (mutual-TLS binding, RFC 8705, or DPoP, RFC 9449) tie the token to a key the presenter must prove it holds.
  • They should be short-lived. To limit the damage from a stolen token, bearer tokens are issued with short lifetimes. Once the expiry time passes (recorded inside a self-contained token such as a JWT, or looked up by the server for an opaque token), the token is invalid and no longer grants access, and the client must obtain a new one.
  • They are revocable. As an additional measure, a bearer token can be revoked before it expires, rendering it invalid. Revocation takes effect immediately for opaque tokens that the resource server checks against the issuer's store; a self-contained token that is validated only by its signature remains usable until it expires unless the resource server also consults a revocation list or token introspection (RFC 7662).
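To make the four characteristics concrete, here is an added example of the resource-server side, written for this glossary entry and not taken from any particular vendor's implementation: an in-memory store of opaque tokens, parsing of the Authorization header per RFC 6750, a short lifetime, and revocation. The store, the five-minute default lifetime, and all function names are assumptions chosen for illustration; a real server would back the store with a database, cache or token introspection endpoint.

```python
import hmac
import secrets
import time

# Hypothetical in-memory token store (assumption for this example):
# token -> (expiry timestamp, granted scopes). Tokens are opaque random
# strings, so expiry and revocation live on the server side, not in the token.
_TOKENS = {}
_REVOKED = set()

# Characters permitted in a Bearer credential (b64token, RFC 6750 section 2.1).
_B64TOKEN = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~+/="
)


def issue_token(scopes, lifetime_seconds=300, now=None):
    """Mint a random opaque bearer token with a short lifetime (default 5 min)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of entropy; not guessable
    _TOKENS[token] = (now + lifetime_seconds, frozenset(scopes))
    return token


def revoke_token(token):
    """Invalidate a token before its natural expiry."""
    _REVOKED.add(token)


def parse_bearer(authorization_header):
    """Return the credential from 'Authorization: Bearer <token>', or None.

    The scheme name is case-insensitive; the credential must be non-empty and
    drawn only from the b64token alphabet. Anything else is a malformed request.
    """
    if authorization_header is None:
        return None
    parts = authorization_header.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    token = parts[1].strip()
    if not token or any(c not in _B64TOKEN for c in token):
        return None
    return token


def _lookup(presented):
    """Find the stored token equal to `presented` using a constant-time compare.

    Every stored token is compared, so neither the number of comparisons nor the
    position of the match depends on the attacker-controlled input.
    """
    found = None
    for stored in _TOKENS:
        if hmac.compare_digest(stored, presented):
            found = stored
    return found


def authorize(authorization_header, required_scope, now=None):
    """Decide whether a request may proceed. Returns (allowed, reason).

    The reason strings are the RFC 6750 error codes a server would put in the
    WWW-Authenticate header of a 400/401/403 response.
    """
    now = time.time() if now is None else now
    presented = parse_bearer(authorization_header)
    if presented is None:
        return False, "invalid_request"      # missing or malformed credential
    stored = _lookup(presented)
    if stored is None or stored in _REVOKED:
        return False, "invalid_token"        # unknown or revoked
    expiry, scopes = _TOKENS[stored]
    if now >= expiry:
        return False, "invalid_token"        # expired: treated like any bad token
    if required_scope not in scopes:
        return False, "insufficient_scope"   # valid bearer, but not for this action
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # fixed clock so the demo is deterministic
    tok = issue_token({"read"}, lifetime_seconds=300, now=t0)
    header = "Bearer " + tok
    # Whoever presents the token gets in: possession is the only check.
    print(authorize(header, "read", now=t0))        # (True, 'ok')
    print(authorize(header, "write", now=t0))       # (False, 'insufficient_scope')
    print(authorize(header, "read", now=t0 + 301))  # (False, 'invalid_token'): expired
    revoke_token(tok)
    print(authorize(header, "read", now=t0 + 10))   # (False, 'invalid_token'): revoked
```

The example deliberately returns the same invalid_token reason for unknown, expired and revoked tokens, so a caller cannot distinguish a token that never existed from one that used to be valid; the distinction belongs in server-side logs, not in the response.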

Bearer tokens are a key part of the OAuth 2.0 protocol. Bearer is the token type defined in RFC 6750 and the one most OAuth 2.0 access tokens use; the token, together with the scopes granted with it, specifies what the bearer is allowed to do with the protected resources.
