I'm learning something about Authorization like Basic, Digest, OAuth2.0, JWTs, and Bearer Token.
Now I have a question.
You know the JWTs is being used as an Access_Token in the OAuth2.0 standard. JWTs appears at RFC 7519, and Bearer Token is at RFC 6750 .
For example, the Bearer:
Authorization: Bearer <token>
I used to send token to server by AJAX or add token to the query string of the url. I know that a token can also be sent by adding it to a request header. Does that mean that token should be added to Authorization Bearer header?
Could you please tell me the relationship between JWTs and Bearer Token? Thanks a lot.
JWT is an encoding standard for tokens that contains a JSON data payload that can be signed and encrypted.
JWT can be used for many things, among those are bearer tokens, i.e. a piece of information that you can present to some service that by virtue of you having it (you being the "bearer") grants you access to something.
Bearer tokens can be included in an HTTP request in different ways, one of them (probably the preferred one) being the Authorization header. But you could also put it into a request parameter, a cookie or the request body. That is mostly between you and the server you are trying to access.