OAuth2.0 access token in header

Question

I'm a student working on a PHP laravel project to secure an API with OAuth2.0. I'm using Postman to test my API, when I put my access token in my URL like this:

URL/?access_token=... all works fine.

Now I want to use the Header to pass the access_token, I tried:

Key: access_token with Value:(the token)

Key: Authorization with Value:(the token)

Key: Authorization with Value:(Bearer +the token)

None of these seems to work.Does anyone knows what I'm doing wrong or what I'm missing? When I search for the right answer i find that Key: Authorization with Value:(Bearer +the token) needs to work fine.

Thx in advance!

Answer 1

it's very simple actually.

you create an Authorization key and the value of that key is token type space and the actual token. if you have bearer then it "Bearer token_value". I am covering this in detail in one of my articles and I am using Postman as well.

here is the article : https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/

go down to section 2 which is one dealing with the Resource server. You'll see there Postman screenshots with examples of how to setup everything you need.

Answer 2

I use access token in my request header as:

Key: Authorization

Value: Bearer {{AccessToken}}

Also depends upon what token type are you getting back. Look for token_type key when you acquire an access token. in my case it is "Bearer" so using it with access token.