[Androider]

OAuth doesn't have a monopoly on bearer tokens. And it is literally the definition of a bearer token: you shall know the messenger who presents this token, a concept old as history itself.

[y4mi]

Should every OS which uses windows be able to call itself Windows, because windows are a quite old thing as well?

Like it or not, there is an rfc for this and using it for anything else would be code smell at best

[patmorgan23]

> Should every OS which uses windows be able to call itself Windows, because windows are a quite old thing as well?

> Like it or not, there is an rfc for this and using it for anything else would be code smell at best

No but every OS that uses windows can call them windows....

[y4mi]

I guess they should be able to call them windows.

Can you link to any tool which uses bearer tokens and doesn't grant them through oauth2?

Or it's internal, please explain how the token is obtained.

I haven't seen any to date but I guess I could be wrong

[X-Istence]

Github will happily hand you an access token by visiting "https://github.com/settings/tokens".

These are bearer tokens, in that the bearer gets granted access by that token alone.

You happen to send it along in a Basic authentication in HTTP instead of as an Authorization header, but it is a bearer token all the same.

No OAuth2 flow required.

[X-Istence]

Any service that uses API keys are basically handing out bearer tokens. Whoever holds that API key can make requests to the service, it grants you access.

[OJFord]

> Can you link to any tool which uses bearer tokens and doesn't grant them through oauth2?

Yes: https://www.pelion.com/docs/device-management/current/integr...

(I know I've seen and used many others, but Pelion comes first to mind because I used to work on it.)

[Androider]

It's incredibly common. See Stripe for example https://stripe.com/docs/api/authentication

Authorization: Bearer <API Key>.