RFC 6750 · RFC · Must Know · Product · 2012

OAuth 2.0 Bearer Token Usage

Authentication & Authorization·RFC Editor
WHY YOU NEED THIS

Every API that accepts an OAuth access token uses bearer token transport. Know the header format and the security implications of each transport method.

What It Defines

Defines how OAuth 2.0 bearer tokens are transmitted: Authorization header (preferred), form body parameter, URI query parameter. Establishes the standard token transport pattern.

Canonical (Normative)

Convenient (Practical)

oauth · bearer · token · authorization-header
Standards Body
RFC Editor

The canonical publication point for finalized RFCs. If a protocol is standardized as an RFC, the RFC Editor text is the normative final reference. Published by the IETF, IRTF, IAB, and independent stream.

Related Specs

RFC 6749 · RFC · Must Know

OAuth 2.0

The foundation of modern app auth: third-party login, API authorization, SSO, and machine-to-machine access all use OAuth 2.0.

Back Office · Product · Authentication & Authorization

RFC 7519 · RFC · Must Know

JWT

JWTs are the token format for OIDC ID tokens and many OAuth implementations. Understanding the structure and security tradeoffs is essential.

Product · Authentication & Authorization