[motorest]

> You're effectively talking about an attacker breaking https aren't you?

No. There are many ways to fish bearer tokens. Encryption in transit only addresses some of them.

[thdhhghgbhy]

I'm all ears, please provide one potential way.

[motorest]

> I'm all ears, please provide one potential way.

Just Google for session hijacking attacks. There's a wealth of information on the topic. It's a regular entry in OWASP top 10.

[thdhhghgbhy]

I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows. So that just leaves mitm, which as I said, is effectively breaking https.

[motorest]

> I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows.

OWASP's page lists 3 more examples which it seems you omitted for some reason.