by pionar 2529 days ago
No, because it's not a bearer token.

Edit for clarity: A bearer token [0] is a concept for OAuth. This is not OAuth.

[0] https://tools.ietf.org/html/rfc6750#section-1.2


OAuth doesn't have a monopoly on bearer tokens. And it is literally the definition of a bearer token: you shall know the messenger who presents this token, a concept old as history itself.

Should every OS which uses windows be able to call itself Windows, because windows are a quite old thing as well?

Like it or not, there is an RFC for this, and using it for anything else would be a code smell at best.

> Should every OS which uses windows be able to call itself Windows, because windows are a quite old thing as well?

> Like it or not, there is an RFC for this, and using it for anything else would be a code smell at best.

No, but every OS that uses windows can call them windows...

I guess they should be able to call them windows.

Can you link to any tool which uses bearer tokens and doesn't grant them through OAuth2?

Or if it's internal, please explain how the token is obtained.

I haven't seen any to date, but I guess I could be wrong.

GitHub will happily hand you an access token by visiting "https://github.com/settings/tokens".

These are bearer tokens, in that the bearer gets granted access by that token alone.

You happen to send it along in a Basic authentication in HTTP instead of as an Authorization header, but it is a bearer token all the same.

No OAuth2 flow required.

Any service that uses API keys is basically handing out bearer tokens. Whoever holds that API key can make requests to the service; it grants you access.

> Can you link to any tool which uses bearer tokens and doesn't grant them through OAuth2?

Yes: https://www.pelion.com/docs/device-management/current/integr...

(I know I've seen and used many others, but Pelion comes first to mind because I used to work on it.)

It's incredibly common. See Stripe, for example: https://stripe.com/docs/api/authentication

Authorization: Bearer <API Key>.

JWT uses Authorization: Bearer, too.

https://jwt.io/introduction/