Bearer Token Authentication
The Bearer plugin enables authentication using Bearer tokens as an alternative to browser cookies. It intercepts requests, adding the Bearer token to the Authorization header before forwarding them to your API.
Installing the Bearer Plugin
Add the Bearer plugin to your authentication setup:
How to Use Bearer Tokens
1. Obtain the Bearer Token
After a successful sign-in, you'll receive a session object containing the session object. The id
is the token you need to send in the Authorization header for all subsequent requests.
2. Configure the Auth Client
Set up your auth client to include the Bearer token in all requests:
3. Make Authenticated Requests
Now you can make authenticated API calls:
4. Per-Request Token (Optional)
You can also provide the token for individual requests:
5. Using Bearer Tokens Outside the Auth Client
The Bearer token can be used to authenticate any request to your API, even when not using the auth client:
And in the server, you can use the auth.api.getSession
function to authenticate requests: