Authorization Header format clarification

[brianv0]

It seems like the default Authorization header format for an HTTP request is of the form:

Authorization: Bearer realm="scitokens.org" ${token}

Is this codified somewhere? Is it safe to assume?

[jbasney]

Good question. https://tools.ietf.org/html/rfc6750#section-2.1 says the request should be "Bearer" 1*SP b64token and I think realm only belongs in the response, not the request.

[brianv0]

Good enough for me, thanks!