Skip to content

Bearer Token

Service Name: Generic Bearer Token Authentication

Service Description: Bearer tokens are a type of access token used in OAuth 2.0 and other authentication frameworks. They are called "bearer" tokens because the party in possession of the token (the "bearer") can access protected resources without further demonstration of identity. Bearer tokens are commonly used in API authentication.

Service Address: Not specific to a single service - used across many web services and APIs

Validation Type: API Auth

IP Allow list: Does not exist at the token level, but may be implemented at the service level depending on the specific API provider.

Secret Access Scope: Grants access to protected resources on the server that issued the token. The specific permissions depend on the scopes assigned to the token during issuance.

Secret Revokement URL: Varies by service provider. Typically available through the service's developer console or authentication management interface.

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Suspicious Activity Investigation Instructions:

  • Review access logs for unusual API calls or resource access patterns.
  • Check for access from unexpected geographic locations or IP addresses.
  • Monitor for unusual volume or frequency of API requests.
  • Look for access attempts outside of normal business hours.
  • Check for attempts to access resources beyond the token's intended scope.

Mitigation Instructions:

  • Revoke the compromised token immediately through the service provider's management interface.
  • Generate a new token with appropriate scopes.
  • Implement token rotation policies to regularly refresh tokens.
  • Consider implementing shorter token expiration times.
  • Review and update access control policies as needed.
  • Enable additional security measures such as IP restrictions if supported by the service.
  • Consider implementing multi-factor authentication if available.
  • Audit all actions performed using the compromised token.