OAuth 2.0 Authorization Header

I want to develop an SDK that encapsulates the functions of OAuth 2.0. I checked the differences between OAuth 1.0 and 2.0, and I have some confusion about the authorization header (1.0 and 2.0): the OAuth 1.0 protocol parameters can be passed using the "Authorization" HTTP header, but I cannot find this in the current OAuth 2.0 draft.

Does OAuth 2.0 support authorization headers?

In OAuth 1.0, your header will look like this:

Authorization: OAuth realm="Example", oauth_consumer_key="0685bd9184jfhq22", oauth_token="ad180jjd733klru7", oauth_signature_method="HMAC-SHA1", oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D", oauth_timestamp="137131200", oauth_nonce="4572616e48616d6d65724c61686176", oauth_version="1.0" 
+62
Jun 17 '12 at 4:20
2 answers

For those looking for an example of how to pass OAuth2 authorization (access token) in the header (as opposed to using a request parameter or body), here's how to do it:

 Authorization: Bearer 0b79bab50daca910b000d4f1a2b675d604257e42 
+133
Sep 11 '13 at 23:18

You can still use the authorization header with OAuth 2.0. There is a Bearer type specified in the authorization header for use with OAuth bearer tokens (this means that the client application just needs to present a (“bear”) token). The header value is the access token received by the client from the authorization server.

It is documented in this specification: https://tools.ietf.org/html/rfc6750#section-2.1

e.g.:

  GET /resource HTTP/1.1
  Host: server.example.com
  Authorization: Bearer mF_9.B5f-4.1JqM

Where mF_9.B5f-4.1JqM is your OAuth access token.

+19
Jun 17 2018-12-12T00:
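The header format from the answers above, seen from the receiving side: an added example (not part of the original thread or of any SDK) that checks an incoming Authorization header against the b64token syntax of RFC 6750 section 2.1 and tells a bearer credential apart from an OAuth 1.0 style header. The function name, the realm value and the choice of status codes for repeated or non-bearer headers are assumptions of this example.

```python
import re

# b64token from RFC 6750 section 2.1:
#   1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"[A-Za-z0-9._~+/-]+=*")
REALM = "example"  # placeholder realm, constructed for this example


def check_authorization(headers):
    """Return (status, token, challenge) for a list of (name, value) header pairs.

    status 200 means a syntactically valid bearer token was presented; the
    caller must still validate it (expiry, audience, scope) before use.
    """
    plain = f'Bearer realm="{REALM}"'
    malformed = f'Bearer realm="{REALM}", error="invalid_request"'
    # Header field names are case-insensitive; a request may repeat them.
    values = [v for k, v in headers if k.lower() == "authorization"]
    if not values:
        return 401, None, plain          # no credentials: challenge, no error code
    if len(values) > 1:
        return 400, None, malformed      # ambiguous credentials (this example's choice)
    scheme, _, rest = values[0].strip(" \t").partition(" ")
    if scheme.lower() != "bearer":       # scheme names are case-insensitive
        return 401, None, plain          # e.g. an OAuth 1.0 "OAuth ..." header
    token = rest.strip(" ")
    # fullmatch rejects embedded spaces, CR/LF and any other stray bytes.
    if not B64TOKEN.fullmatch(token):
        return 400, None, malformed
    return 200, token, None


if __name__ == "__main__":
    # Constructed requests, using the header values shown on this page.
    samples = [
        [("Authorization", "Bearer mF_9.B5f-4.1JqM")],
        [("authorization", "bearer 0b79bab50daca910b000d4f1a2b675d604257e42")],
        [("Authorization", 'OAuth realm="Example", oauth_token="ad180jjd733klru7"')],
        [("Authorization", "Bearer mF_9.B5f-4.1JqM\r\nX-Injected: 1")],
        [("Host", "server.example.com")],
    ]
    for headers in samples:
        print(check_authorization(headers))
```

The challenge string in the third tuple element is what a resource server would send back in WWW-Authenticate alongside the status code.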