Support for OAuth 2.0 Authorization with "Bearer" token

rojters · April 7, 2014, 7:32am

Hi, I was wondering if it would be possible for kraken to support OAuth requests when the header is in the form:

Authorization: Bearer [access token]

As specified in RFC6750 and referenced in RFC6749.

Example:

curl -H "Authorization: Bearer [my token omitted]" -X GET https://api.twitch.tv/kraken/user

{"error":"Unauthorized","status":401,"message":"Token invalid or missing required scope"}

where as

curl -H "Authorization: OAuth [my token omitted]" -X GET https://api.twitch.tv/kraken/user

returns

{"display_name":qwerty","_id":12312345,"name":"qwerty",.., etc.}

Thanks for providing the Twitch Web API.

/rojters

Schmoopiie · April 7, 2014, 1:32pm

+1 – I would love to see this feature but I don’t think I would use it… I’m kinda scared of using Bearer tokens… they rely solely on SSL/TLS for its security and they are some kind of cookies…

Schmoopiie!

Changaco · August 11, 2017, 4:40pm

+1. Supporting the standard authorization type Bearer in addition to OAuth should be pretty simple to implement and wouldn’t break backward compatibility. This small change would significantly simplify using the Twitch API with existing OAuth libraries.