undefined | Better HN

0 pointsy4mi6y ago0 comments

I guess they should be able to call them windows.

Can you link to any tool which uses bearer tokens and doesn't grant them through oauth2?

Or it's internal, please explain how the token is obtained.

I haven't seen any to date but I guess I could be wrong

0 comments

X-Istence6y ago

Github will happily hand you an access token by visiting "https://github.com/settings/tokens".

These are bearer tokens, in that the bearer gets granted access by that token alone.

You happen to send it along in a Basic authentication in HTTP instead of as an Authorization header, but it is a bearer token all the same.

No OAuth2 flow required.

X-Istence6y ago

Any service that uses API keys are basically handing out bearer tokens. Whoever holds that API key can make requests to the service, it grants you access.

OJFord6y ago

> Can you link to any tool which uses bearer tokens and doesn't grant them through oauth2?

Yes: https://www.pelion.com/docs/device-management/current/integr...

(I know I've seen and used many others, but Pelion comes first to mind because I used to work on it.)

Androider6y ago

It's incredibly common. See Stripe for example https://stripe.com/docs/api/authentication

Authorization: Bearer <API Key>.

j / k navigate · click thread line to collapse

0 pointsy4mi6y ago0 comments

I guess they should be able to call them windows.

Can you link to any tool which uses bearer tokens and doesn't grant them through oauth2?

Or it's internal, please explain how the token is obtained.

I haven't seen any to date but I guess I could be wrong

0 comments

X-Istence6y ago

Github will happily hand you an access token by visiting "https://github.com/settings/tokens".

These are bearer tokens, in that the bearer gets granted access by that token alone.

You happen to send it along in a Basic authentication in HTTP instead of as an Authorization header, but it is a bearer token all the same.

No OAuth2 flow required.

X-Istence6y ago

Any service that uses API keys are basically handing out bearer tokens. Whoever holds that API key can make requests to the service, it grants you access.

OJFord6y ago

> Can you link to any tool which uses bearer tokens and doesn't grant them through oauth2?

Yes: https://www.pelion.com/docs/device-management/current/integr...

(I know I've seen and used many others, but Pelion comes first to mind because I used to work on it.)

Androider6y ago

It's incredibly common. See Stripe for example https://stripe.com/docs/api/authentication

Authorization: Bearer <API Key>.

j / k navigate · click thread line to collapse