Bearer Token

Estimated reading: 2 minutes 38 views

What is a Bearer Token and how it works?

A Bearer Token is an access token issued by IdentityServer, which clients use to authenticate and access protected resources by including the token in the HTTP Authorization header with requests.


The process works as follows:

  1. Token Issuance: When a user successfully authenticates with IdentityServer, an access token (Bearer Token) is generated and issued to the client application. This token is a JSON Web Token (JWT) containing claims about the user and their permissions.
  2. Token Transmission: The client application includes the Bearer Token in the HTTP Authorization header for subsequent requests to protected resources. The header format is: Authorization: Bearer <token>.
  3. Resource Server Validation: The resource server (API) validates the Bearer Token by verifying its signature, expiration, and the claims contained within. This ensures the token is issued by a trusted authority (IdentityServer) and is still valid.
  4. Access Control: Based on the token’s claims, the resource server determines if the client has the necessary permissions to access the requested resource. If valid, the server processes the request; if not, it rejects the request with an appropriate error message.

Bearer Tokens provide a secure and efficient method for clients to access protected resources without needing to repeatedly authenticate, facilitating stateless and scalable security management


How it works?

Step 1: User initiates the authentication request

Step 2: Identity Server authenticates the user credentials

Step 3: Once the authentication if successfull, a token is received

Step 4: The resource server checks the validity and integrity of the Bearer Token

Step 5: Access to the requested resource is granted or denied based on the claims in the Bearer Token