[y4mi]

I guess they should be able to call them windows.

Can you link to any tool which uses bearer tokens and doesn't grant them through oauth2?

Or it's internal, please explain how the token is obtained.

I haven't seen any to date but I guess I could be wrong

[X-Istence]

Github will happily hand you an access token by visiting "https://github.com/settings/tokens".

These are bearer tokens, in that the bearer gets granted access by that token alone.

You happen to send it along in a Basic authentication in HTTP instead of as an Authorization header, but it is a bearer token all the same.

No OAuth2 flow required.

[X-Istence]

Any service that uses API keys are basically handing out bearer tokens. Whoever holds that API key can make requests to the service, it grants you access.

[OJFord]

> Can you link to any tool which uses bearer tokens and doesn't grant them through oauth2?

Yes: https://www.pelion.com/docs/device-management/current/integr...

(I know I've seen and used many others, but Pelion comes first to mind because I used to work on it.)

[Androider]

It's incredibly common. See Stripe for example https://stripe.com/docs/api/authentication

Authorization: Bearer <API Key>.