Module: passport-http-bearer

The passport-http-bearer module provides a Passport strategy for authenticating bearer tokens used in accordance with the HTTP Bearer authentication scheme.

Bearer tokens are a credential which can be used by any party in possession of the token to gain access to a protected resource. Use of a bearer token does not require any additional credentials, such as a cryptographic key. As such, bearer tokens must be protected from disclosure in both storage and transport in order to be utilized securely.

The Bearer authentication scheme is specified by RFC 6750. This scheme was designed for use with access tokens issued using OAuth 2.0. However, this scheme is useable within the general HTTP Authentication framework (RFC 7235) and can be utilized to authenticate bearer tokens issued via other mechanisms as well.