Leo Jiang

Reputation: 26085

Does the "Bearer" Authorization header have any special meaning?

Is there a difference between using a "Bearer" Authorization header and using a custom header? For example, the "Basic" Authorization header is different from a custom header because browsers treat "Basic" Authorization headers as a special case (some browsers cache the "Basic" Authorization header). In other words, is "Bearer" just an arbitrary string or do browsers know about it?

If I don't want future browsers to cache my bearer token, should I be safe and use a custom header?

For example, is there a difference between these (assuming my server can handle both):

header('Authorization: Bearer 12345');
header('Mysite-Bearer-Token: 12345');

Upvotes: 6

Views: 910

Answers (1)

Kaneg

Reputation: 515

The Bearer token is defined by OAuth 2.0. You can get more details from https://www.rfc-editor.org/rfc/rfc6750.

Upvotes: 2
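
An added illustration, not part of the question or the answer above: RFC 6750 defines `Bearer` as an HTTP authentication scheme with its own credential grammar and `WWW-Authenticate` challenge, which a custom header such as `Mysite-Bearer-Token` does not get. The code is PHP to match the question's snippet; the realm, the sample token and the `token_is_valid()` helper are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
// b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
// The scheme name is matched case-insensitively, as HTTP auth schemes are.
function parse_bearer(string $value): ?string
{
    $ok = preg_match('/\ABearer +([A-Za-z0-9\-._~+\/]+=*)\z/i', $value, $m);
    return $ok === 1 ? $m[1] : null;
}

// Hypothetical validator: a real server would verify a signature or look the
// token up. Here it is a constant-time compare against one constructed value.
function token_is_valid(string $token): bool
{
    return hash_equals('constructed-sample-token', $token);
}

// Returns [status, response headers], using the RFC 6750 section 3 challenge.
function authorize(array $requestHeaders): array
{
    $challenge = 'WWW-Authenticate: Bearer realm="example"';
    $raw = $requestHeaders['Authorization'] ?? null;
    if ($raw === null || stripos($raw, 'Bearer ') !== 0) {
        return [401, [$challenge]];              // no bearer credentials sent
    }
    $token = parse_bearer($raw);
    if ($token === null) {
        return [400, [$challenge . ', error="invalid_request"']];
    }
    if (!token_is_valid($token)) {
        return [401, [$challenge . ', error="invalid_token"']];
    }
    return [200, []];
}

// Constructed sample requests, including the custom header from the question.
$samples = [
    [],
    ['Authorization' => 'Bearer constructed-sample-token'],
    ['Authorization' => 'bearer wrong-token'],
    ['Authorization' => 'Bearer not a token!'],
    ['Mysite-Bearer-Token' => 'constructed-sample-token'],
];
foreach ($samples as $headers) {
    [$status, $out] = authorize($headers);
    echo $status, ' ', implode('; ', $out), PHP_EOL;
}
```

The last sample shows that a token sent only in the custom header is treated as a request without credentials, because only the `Authorization` header is inspected here.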
