Bearer protocol definition
Bearer protocol is a method for authorizing access to protected resources in computer systems such as web applications, cloud services, and APIs.
The entity making the request (e.g., an individual user or an app) presents a bearer token with each request for a protected resource.
If the token is valid, the bearer is granted access without any further authentication. It's like holding a special key that opens certain doors without you having to show identification every time; whoever holds the key gets in.
See also: biometric authentication
How bearer protocol works
- Firstly, the entity that wants to access the resources proves its identity to the server by entering a username and password. They may also use another method to verify who they are, like biometric authentication.
- After the server confirms the user’s identity, it creates a bearer token and links it to the authenticated user. This token says that the user has permission to access protected resources.
- When the client wants to access a protected resource, it presents the bearer token to the server. The server checks that the token is valid: it must be correctly formatted, not expired, and match a valid token stored on the server. If the token passes these checks, the server allows the client to access the resource.
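As an added example (not code from the original page), a minimal Python issuer and verifier that walks through the three steps above: credential check, token creation bound to the user, and validation of the token carried in an Authorization header. The user table, token store and lifetime are constructed stand-ins for a real database.

```python
import hmac
import re
import secrets
import time

# Constructed, in-memory stand-ins for a real user database and token store.
USERS = {"alice": "correct horse battery staple"}   # demo credential only
TOKENS = {}                                          # token -> (user, expiry)
TOKEN_TTL = 3600                                     # seconds a token stays valid
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{43}$")        # shape of secrets.token_urlsafe(32)


def login(username, password):
    """Steps 1-2: verify the credential, then mint a token linked to the user."""
    expected = USERS.get(username)
    # Constant-time comparison so the check leaks nothing about the stored value.
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    token = secrets.token_urlsafe(32)                # 256 bits of randomness
    TOKENS[token] = (username, time.time() + TOKEN_TTL)
    return token


def authorize(header_value, now=None):
    """Step 3: validate an Authorization header value; return the user or None."""
    now = time.time() if now is None else now
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "bearer" or not TOKEN_RE.match(token):
        return None                                  # wrong scheme or malformed token
    entry = TOKENS.get(token)
    if entry is None:
        return None                                  # unknown or revoked token
    user, expiry = entry
    if now >= expiry:
        TOKENS.pop(token, None)                      # expired: drop it from the store
        return None
    return user
```

Because the server only checks the token itself, anyone who obtains it can use it until it expires, which is why it must travel only over TLS and be given a short lifetime.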
Benefits of bearer protocol
- It’s a simple and straightforward authentication approach.
- Bearer tokens can be efficiently transmitted with each request.
- Bearer tokens work with any authentication method used at login, from passwords to biometrics.