I've been looking at the authentication docs and I'm a bit confused.
Our API uses Auth2 to get an access token, both through client-side redirect and JWT assertions.
It then uses the access token as a bearer token to authenticate each API call.
So here is the question: do I specify this is a bearer token security scheme, or an OAuth2 security scheme?
Go to Solution.
When you use OAuth 2.0, the Authorization header will look like:
Authorization: Bearer <some value>
Also, the Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750
View solution in original post