IETF RFC 6750
The OAuth 2.0 Authorization Framework: Bearer Token Usage
|Publication Date:||1 October 2012|
This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport.