Bearer Authentication Method

The Bearer authentication method is also known as token-based authentication. It is an authentication technique in which every request to the server carries a signed token. The token has no meaning or value on its own; it becomes meaningful only within the system that issued it and can validate it.

These security tokens are bearer tokens: as the name implies, access is granted to whoever bears (presents) the token. Bearer tokens are usually generated by the server when the client logs in to the system.

Because anyone who obtains the token can use it, the Bearer authentication method should only be used over HTTPS (SSL/TLS).

The Bearer authentication method can be used in combination with other schemes.

Bearer authentication requires the SI (Sitecore Identity) server, which by default issues tokens in JWT (JSON Web Token) format, and an API application that accepts those tokens.

Token-based authentication is now widespread on the Internet and is well suited to it.

This access method is typically used for:
  • Platform-as-a-Service applications that expose RESTful APIs consumed by various platforms and clients
  • Mobile applications, native or hybrid, that interact with your services
  • Single-page applications (SPA) built with frameworks such as Angular and React

How it works

  • The user requests access with a username and password
  • The application validates the credentials
  • The application provides a signed token to the client
  • The client stores the token and sends it along with every request
  • The server verifies the token and responds with data
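The five steps above, worked through as an added example that is not Sitecore code: a token endpoint that validates credentials and issues an HS256-signed JWT, and a resource endpoint that checks the Authorization: Bearer header, the signature and the expiry before trusting the claims. The signing key, user store and password hashing are constructed for the example and are not how Sitecore Identity stores or signs anything.

```python
import base64, hashlib, hmac, json
from typing import Optional

# Constructed signing key for the example; a real identity server manages its own keys.
SECRET = b"example-signing-key-not-for-production"
# Constructed user store (SHA-256 for brevity; real stores use a slow, salted hash such as bcrypt or Argon2).
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(username: str, password: str, now: int, ttl: int = 300) -> Optional[str]:
    """Steps 1-3: validate the credentials and return a signed JWT, or None on failure."""
    if USERS.get(username) != hashlib.sha256(password.encode()).hexdigest():
        return None
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    signing_input = f"{header}.{payload}"
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(signature)}"

def verify_request(headers: dict, now: int) -> Optional[dict]:
    """Step 5: check the Bearer header, signature and expiry; return the claims or None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    token = auth[len("Bearer "):]
    try:
        h, p, s = token.split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":
            return None  # never accept an algorithm the server did not choose (e.g. "none")
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None  # signature does not match: token was forged or tampered with
        claims = json.loads(_b64url_decode(p))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) <= now:
        return None  # expired token: the bearer must log in again
    return claims

if __name__ == "__main__":
    token = issue_token("alice", "correct horse", now=1000)   # step 3: signed token to the client
    request = {"Authorization": "Bearer " + token}             # step 4: token sent with the request
    print(verify_request(request, now=1100))                   # step 5: {'sub': 'alice', 'iat': 1000, 'exp': 1300}
```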

There are several important aspects to consider when choosing token-based authentication for your application. When choosing tokens, keep the following points in mind:

  • Statelessness and scalability of the servers
  • Availability for mobile apps
  • Transferring authentication to other applications
  • Extra security