Trajce12

Reputation: 341

Why do we write Bearer in front of the token in the authorization header?

When I have, for example, a POST method - login, I get back the signed JSON web token. I watched some tutorials on YouTube, and there, when they check if the user is authorized, they send the JWT in the authorization header like:

Bearer -token-

My question is: why do they do that, when the same thing works if we send only the token in the authorization header, without the "Bearer" in front of the token?

Upvotes: 6

Views: 5153

Answers (1)

Vilx-

Reputation: 106970

Because it's in the relevant standards documents. The general scheme is that you first state the type of token ("Bearer" in this case) and then the token itself. There are other authentication schemes too and they use different type keywords (like "Basic" or "Digest"). If you control the web server and parse the headers yourself then, sure, you can use whatever syntax you like. You can even invent your own header, nobody's stopping you. But having it comply with a unified standard makes it a little easier down the road when you need to integrate with other systems. :)

Upvotes: 24
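
The header layout the answer describes, as an added example that is not part of the original answer: a JavaScript (Node.js) parser that reads the scheme keyword first and only then interprets the credentials, following the `auth-scheme credentials` grammar of RFC 7235 and the Bearer token syntax of RFC 6750. The function name `parseAuthorization` and the header values used with it are constructed for illustration.

```javascript
// Added example: split "Authorization: <scheme> <credentials>" and dispatch on the scheme.
// Character set allowed for Bearer tokens and Basic credentials (token68 / b64token).
const TOKEN68 = /^[A-Za-z0-9\-._~+/]+=*$/;
// One scheme token, one or more spaces, then the credentials.
const HEADER = /^([A-Za-z0-9!#$%&'*+\-.^_`|~]+) +(.+)$/;

function parseAuthorization(headerValue) {
  if (typeof headerValue !== 'string') {
    return { ok: false, error: 'missing header' };
  }
  const match = HEADER.exec(headerValue.trim());
  if (!match) {
    // A bare token has no scheme keyword, so the server cannot tell what kind
    // of credential it was handed without guessing.
    return { ok: false, error: 'expected "<scheme> <credentials>"' };
  }
  const scheme = match[1].toLowerCase(); // scheme names are case-insensitive
  const credentials = match[2];

  switch (scheme) {
    case 'bearer':
      if (!TOKEN68.test(credentials)) {
        return { ok: false, error: 'malformed bearer token' };
      }
      // Signature and claim checks on the JWT happen after this step.
      return { ok: true, scheme, token: credentials };
    case 'basic': {
      if (!TOKEN68.test(credentials)) {
        return { ok: false, error: 'malformed basic credentials' };
      }
      const decoded = Buffer.from(credentials, 'base64').toString('utf8');
      const sep = decoded.indexOf(':');
      if (sep < 0) {
        return { ok: false, error: 'malformed basic credentials' };
      }
      return { ok: true, scheme, user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
    }
    default:
      // Refuse schemes this server does not implement instead of falling back.
      return { ok: false, error: 'unsupported scheme: ' + scheme };
  }
}

// Constructed sample values, not real credentials.
console.log(parseAuthorization('Bearer aaa.bbb.ccc'));
console.log(parseAuthorization('Basic dXNlcjpwYXNz'));
console.log(parseAuthorization('aaa.bbb.ccc'));
```
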
