Forum Discussion

cbetta's avatar
cbetta
Frequent Visitor
6 years ago

How to document API that uses OAuth2 and bearer auth?

I've been looking at the authentication docs and I'm a bit confused.

 

Our API uses Auth2 to get an access token, both through client-side redirect and JWT assertions. 

 

It then uses the access token as a bearer token to authenticate each API call.

 

So here is the question: do I specify this is a bearer token security scheme, or an OAuth2 security scheme?

 

 

  • Hi cbetta,

     

    When you use OAuth 2.0, the Authorization header will look like:

    Authorization: Bearer <some value>

     

    Also, the Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750

     

     

  • Nastya_Khovrina's avatar
    Nastya_Khovrina
    SmartBear Alumni (Retired)

    Hi cbetta,

     

    When you use OAuth 2.0, the Authorization header will look like:

    Authorization: Bearer <some value>

     

    Also, the Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750