There are lots of benefits to this over the bearer token approach that many take. Binding the authentication to the specific request is valuable regardless of TLS.