The passport-http-bearer module provides a Passport strategy for authenticating bearer tokens used in accordance with the HTTP Bearer authentication scheme.
A bearer token is a credential that can be used by any party in possession of the token to gain access to a protected resource. Use of a bearer token does not require any additional credentials, such as a cryptographic key. As such, bearer tokens must be protected from disclosure in both storage and transport in order to be used securely.
The Bearer authentication scheme is specified by RFC 6750. This scheme was designed for use with access tokens issued using OAuth 2.0. However, the scheme is usable within the general HTTP Authentication framework (RFC 7235) and can also be used to authenticate bearer tokens issued via other mechanisms.
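To make the storage requirement concrete, the following added example (not code from passport-http-bearer or its documentation) parses an `Authorization` header using the RFC 6750 `b64token` syntax and looks the token up in a store that holds only SHA-256 digests. The store layout, function names and sample token are assumptions made for illustration, and the digest approach assumes tokens are long random strings.

```javascript
// Added example, not passport-http-bearer's own code.
const crypto = require("node:crypto");

// RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
// (the scheme name is case-insensitive under RFC 7235).
const BEARER_RE = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i;

// Returns the token string, or null if the header is not valid Bearer syntax.
function parseBearer(headerValue) {
  if (typeof headerValue !== "string") return null;
  const m = BEARER_RE.exec(headerValue);
  return m ? m[1] : null;
}

// Assumption: tokens are long random strings, so an unsalted SHA-256 digest
// is enough to keep the stored form from being replayable if the store leaks.
function tokenDigest(token) {
  return crypto.createHash("sha256").update(token, "utf8").digest();
}

// Hypothetical in-memory store that keeps digests only, never raw tokens.
function makeStore(records) {
  return records.map(({ token, user, expiresAt }) =>
    ({ digest: tokenDigest(token), user, expiresAt }));
}

// Returns { ok: true, user } or { ok: false, error }, where error is an
// RFC 6750 section 3.1 code, or null when no credentials were sent at all.
function authenticate(store, headerValue, now = Date.now()) {
  if (headerValue === undefined || headerValue === "") return { ok: false, error: null };
  const token = parseBearer(headerValue);
  if (token === null) return { ok: false, error: "invalid_request" };
  const presented = tokenDigest(token);
  let match = null;
  for (const rec of store) {
    // Both buffers are 32-byte digests, as timingSafeEqual requires.
    if (crypto.timingSafeEqual(rec.digest, presented)) match = rec;
  }
  if (!match || match.expiresAt <= now) return { ok: false, error: "invalid_token" };
  return { ok: true, user: match.user };
}

// Constructed sample data: one token valid until t=2000 (ms).
const SAMPLE_STORE = makeStore([{ token: "demo_A1-b2.xyz", user: "alice", expiresAt: 2000 }]);
console.log(authenticate(SAMPLE_STORE, "Bearer demo_A1-b2.xyz", 1000));
```

Transport protection is outside what this code can show: the header must only ever travel over TLS.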