docs/manual/mod/mod_auth_bearer.html.en.utf8 - httpd - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
 <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
 <!--
         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
               This file is generated from xml source: DO NOT EDIT
         XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
       -->
 <title>mod_auth_bearer - Apache HTTP Server Version 2.5</title>
 <link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
 <link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
 <link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
 <script src="../style/scripts/prettify.min.js" type="text/javascript">
 </script>

 <link href="../images/favicon.ico" rel="shortcut icon" /></head>
 <body>
 <div id="page-header">
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
 <p class="apache">Apache HTTP Server Version 2.5</p>
 <img alt="" src="../images/feather.png" /></div>
 <div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
 <div id="path">
 <a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.5</a> &gt; <a href="./">Modules</a></div>
 <div id="page-content">
 <div id="preamble"><h1>Apache Module mod_auth_bearer</h1>
 <div class="toplang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_auth_bearer.html" title="English">&nbsp;en&nbsp;</a></p>
 </div>
 <table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Bearer HTTP authentication</td></tr>
 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>auth_bearer_module</td></tr>
 <tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_auth_bearer.c</td></tr></table>
 <h3>Summary</h3>

     <p>This module allows the use of HTTP Bearer Authentication to
     restrict access by passing the bearer token to the given providers.
     This module should be combined with at least one token module
     such as <code class="module"><a href="../mod/mod_autht_jwt.html">mod_autht_jwt</a></code> and one authorization
     module such as <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>.</p>
 </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#authbearerauthoritative">AuthBearerAuthoritative</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authbearerprovider">AuthBearerProvider</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authbearerproxy">AuthBearerProxy</a></li>
 </ul>
 <h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&amp;list_id=144532&amp;product=Apache%20httpd-2&amp;query_format=specific&amp;order=changeddate%20DESC%2Cpriority%2Cbug_severity&amp;component=mod_auth_bearer">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&amp;component=mod_auth_bearer">Report a bug</a></li></ul><h3>See also</h3>
 <ul class="seealso">
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code></li>
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
 <li><a href="../howto/auth.html">Authentication howto</a></li>
 <li><a href="#comments_section">Comments</a></li></ul></div>

 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthBearerAuthoritative" id="AuthBearerAuthoritative">AuthBearerAuthoritative</a> <a name="authbearerauthoritative" id="authbearerauthoritative">Directive</a> <a title="Permanent link" href="#authbearerauthoritative" class="permalink">&para;</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether token verification is passed to lower level
 modules</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBearerAuthoritative On|Off</code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBearerAuthoritative On</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_bearer</td></tr>
 </table>
     <p>Normally, each token verification module listed in <code class="directive"><a href="#authbearerprovider">AuthBearerProvider</a></code> will attempt
     to verify the token, and if the token is not found to be valid,
     access will be denied. Setting the
     <code class="directive">AuthBearerAuthoritative</code> directive explicitly
     to <code>Off</code> allows for token verification to be passed on to
     other non-provider-based modules if the token is not recognised.
     This should only be necessary when combining
     <code class="module"><a href="../mod/mod_auth_bearer.html">mod_auth_bearer</a></code> with third-party modules that are not
     configured with the
     <code class="directive"><a href="#authbearerprovider">AuthBearerProvider</a></code>
     directive.  When using such modules, the order of processing
     is determined in the modules' source code and is not configurable.</p>

 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthBearerProvider" id="AuthBearerProvider">AuthBearerProvider</a> <a name="authbearerprovider" id="authbearerprovider">Directive</a> <a title="Permanent link" href="#authbearerprovider" class="permalink">&para;</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the authentication provider(s) for this location</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBearerProvider <var>provider-name</var>
 [<var>provider-name</var>] ...</code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBearerProvider file</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_bearer</td></tr>
 </table>
     <p>The <code class="directive">AuthBearerProvider</code> directive sets
     which provider is used to verify tokens for this location.
     The default <code>jwt</code> provider is implemented
     by the <code class="module"><a href="../mod/mod_autht_jwt.html">mod_autht_jwt</a></code> module.  Make sure
     that the chosen provider module is present in the server.</p>
     <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
     AuthType bearer
     AuthName "private area"
     AuthBearerProvider jwt
     AuthtJwtVerify hs256 file "/www/etc/jwt.secret"
     Require            valid-user
 &lt;/Location&gt;</pre>
 </div>
     <p>Providers are queried in order until a provider finds a match
     for the requested token. This usually means that the token has been
     correctly signed, or that the token has not expired.</p>

     <p>The first implemented provider is <code class="module"><a href="../mod/mod_autht_jwt.html">mod_autht_jwt</a></code>.</p>

 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthBearerProxy" id="AuthBearerProxy">AuthBearerProxy</a> <a name="authbearerproxy" id="authbearerproxy">Directive</a> <a title="Permanent link" href="#authbearerproxy" class="permalink">&para;</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Pass a bearer authentication token over a proxy connection
 generated using the given expression</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBearerProxy off|<var>expression</var></code></td></tr>
 <tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_bearer</td></tr>
 <tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache HTTP Server 2.5.1 and later</td></tr>
 </table>
     <p>The expression specified is passed as a bearer token in the
     Authorization header, which is passed to the server or service
     behind the webserver. The expression is interpreted using the
     <a href="../expr.html">expression parser</a>, which allows the
     token to be set based on request parameters.</p>

     <div class="note">
     The Authorization header added by this directive is <em>not</em>
     input into any authentication or authorization within the local
     server.  It is designed to be passed along to upstream servers.
     </div>

     <p>In this example, we pass a fixed token to a backend server.</p>

     <div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config">&lt;Location "/demo"&gt;
     AuthBearerProxy my-fixed-token
 &lt;/Location&gt;</pre>
 </div>

     <p>In this example, we pass the query string as the token to the
     backend server.</p>

     <div class="example"><h3>Query String Example</h3><pre class="prettyprint lang-config">&lt;Location "/secure"&gt;
     AuthBearerProxy "%{QUERY_STRING}"
 &lt;/Location&gt;</pre>
 </div>

     <div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config">&lt;Location "/public"&gt;
     AuthBearerProxy off
 &lt;/Location&gt;</pre>
 </div>


 </div>
 </div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_auth_bearer.html" title="English">&nbsp;en&nbsp;</a></p>
 </div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
 <script type="text/javascript"><!--//--><![CDATA[//><!--
 var comments_shortname = 'httpd';
 var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_auth_bearer.html';
 (function(w, d) {
     if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
         d.write('<div id="comments_thread"><\/div>');
         var s = d.createElement('script');
         s.type = 'text/javascript';
         s.async = true;
         s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
         (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
     }
     else {
         d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
     }
 })(window, document);
 //--><!]]></script></div><div id="footer">
 <p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
 if (typeof(prettyPrint) !== 'undefined') {
     prettyPrint();
 }
 //--><!]]></script>
 </body></html>
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
	<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
	<!--
	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	This file is generated from xml source: DO NOT EDIT
	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
	-->
	<title>mod_auth_bearer - Apache HTTP Server Version 2.5</title>
	<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
	<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
	<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
	<script src="../style/scripts/prettify.min.js" type="text/javascript">
	</script>

	<link href="../images/favicon.ico" rel="shortcut icon" /></head>
	<body>
	<div id="page-header">
	<p class="menu"><a href="../mod/">Modules</a> \| <a href="../mod/quickreference.html">Directives</a> \| <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> \| <a href="../glossary.html">Glossary</a> \| <a href="../sitemap.html">Sitemap</a></p>
	<p class="apache">Apache HTTP Server Version 2.5</p>
	<img alt="" src="../images/feather.png" /></div>
	<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
	<div id="path">
	<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
	<div id="page-content">
	<div id="preamble"><h1>Apache Module mod_auth_bearer</h1>
	<div class="toplang">
	<p><span>Available Languages: </span><a href="../en/mod/mod_auth_bearer.html" title="English"> en </a></p>
	</div>
	<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Bearer HTTP authentication</td></tr>
	<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Base</td></tr>
	<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>auth_bearer_module</td></tr>
	<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_auth_bearer.c</td></tr></table>
	<h3>Summary</h3>

	<p>This module allows the use of HTTP Bearer Authentication to
	restrict access by passing the bearer token to the given providers.
	This module should be combined with at least one token module
	such as <code class="module"><a href="../mod/mod_autht_jwt.html">mod_autht_jwt</a></code> and one authorization
	module such as <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>.</p>
	</div>
	<div id="quickview"><h3 class="directives">Directives</h3>
	<ul id="toc">
	<li><img alt="" src="../images/down.gif" /> <a href="#authbearerauthoritative">AuthBearerAuthoritative</a></li>
	<li><img alt="" src="../images/down.gif" /> <a href="#authbearerprovider">AuthBearerProvider</a></li>
	<li><img alt="" src="../images/down.gif" /> <a href="#authbearerproxy">AuthBearerProxy</a></li>
	</ul>
	<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&list_id=144532&product=Apache%20httpd-2&query_format=specific&order=changeddate%20DESC%2Cpriority%2Cbug_severity&component=mod_auth_bearer">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&component=mod_auth_bearer">Report a bug</a></li></ul><h3>See also</h3>
	<ul class="seealso">
	<li><code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code></li>
	<li><code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code></li>
	<li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
	<li><a href="../howto/auth.html">Authentication howto</a></li>
	<li><a href="#comments_section">Comments</a></li></ul></div>

	<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
	<div class="directive-section"><h2><a name="AuthBearerAuthoritative" id="AuthBearerAuthoritative">AuthBearerAuthoritative</a> <a name="authbearerauthoritative" id="authbearerauthoritative">Directive</a> <a title="Permanent link" href="#authbearerauthoritative" class="permalink">¶</a></h2>
	<table class="directive">
	<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets whether token verification is passed to lower level
	modules</td></tr>
	<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBearerAuthoritative On\|Off</code></td></tr>
	<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBearerAuthoritative On</code></td></tr>
	<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
	<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
	<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
	<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_bearer</td></tr>
	</table>
	<p>Normally, each token verification module listed in <code class="directive"><a href="#authbearerprovider">AuthBearerProvider</a></code> will attempt
	to verify the token, and if the token is not found to be valid,
	access will be denied. Setting the
	<code class="directive">AuthBearerAuthoritative</code> directive explicitly
	to <code>Off</code> allows for token verification to be passed on to
	other non-provider-based modules if the token is not recognised.
	This should only be necessary when combining
	<code class="module"><a href="../mod/mod_auth_bearer.html">mod_auth_bearer</a></code> with third-party modules that are not
	configured with the
	<code class="directive"><a href="#authbearerprovider">AuthBearerProvider</a></code>
	directive. When using such modules, the order of processing
	is determined in the modules' source code and is not configurable.</p>

	</div>
	<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
	<div class="directive-section"><h2><a name="AuthBearerProvider" id="AuthBearerProvider">AuthBearerProvider</a> <a name="authbearerprovider" id="authbearerprovider">Directive</a> <a title="Permanent link" href="#authbearerprovider" class="permalink">¶</a></h2>
	<table class="directive">
	<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the authentication provider(s) for this location</td></tr>
	<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBearerProvider <var>provider-name</var>
	[<var>provider-name</var>] ...</code></td></tr>
	<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthBearerProvider file</code></td></tr>
	<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
	<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
	<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
	<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_bearer</td></tr>
	</table>
	<p>The <code class="directive">AuthBearerProvider</code> directive sets
	which provider is used to verify tokens for this location.
	The default <code>jwt</code> provider is implemented
	by the <code class="module"><a href="../mod/mod_autht_jwt.html">mod_autht_jwt</a></code> module. Make sure
	that the chosen provider module is present in the server.</p>
	<div class="example"><h3>Example</h3><pre class="prettyprint lang-config"><Location "/secure">
	AuthType bearer
	AuthName "private area"
	AuthBearerProvider jwt
	AuthtJwtVerify hs256 file "/www/etc/jwt.secret"
	Require valid-user
	</Location></pre>
	</div>
	<p>Providers are queried in order until a provider finds a match
	for the requested token. This usually means that the token has been
	correctly signed, or that the token has not expired.</p>

	<p>The first implemented provider is <code class="module"><a href="../mod/mod_autht_jwt.html">mod_autht_jwt</a></code>.</p>

	</div>
	<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
	<div class="directive-section"><h2><a name="AuthBearerProxy" id="AuthBearerProxy">AuthBearerProxy</a> <a name="authbearerproxy" id="authbearerproxy">Directive</a> <a title="Permanent link" href="#authbearerproxy" class="permalink">¶</a></h2>
	<table class="directive">
	<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Pass a bearer authentication token over a proxy connection
	generated using the given expression</td></tr>
	<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthBearerProxy off\|<var>expression</var></code></td></tr>
	<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
	<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
	<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
	<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
	<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_bearer</td></tr>
	<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache HTTP Server 2.5.1 and later</td></tr>
	</table>
	<p>The expression specified is passed as a bearer token in the
	Authorization header, which is passed to the server or service
	behind the webserver. The expression is interpreted using the
	<a href="../expr.html">expression parser</a>, which allows the
	token to be set based on request parameters.</p>

	<div class="note">
	The Authorization header added by this directive is <em>not</em>
	input into any authentication or authorization within the local
	server. It is designed to be passed along to upstream servers.
	</div>

	<p>In this example, we pass a fixed token to a backend server.</p>

	<div class="example"><h3>Fixed Example</h3><pre class="prettyprint lang-config"><Location "/demo">
	AuthBearerProxy my-fixed-token
	</Location></pre>
	</div>

	<p>In this example, we pass the query string as the token to the
	backend server.</p>

	<div class="example"><h3>Query String Example</h3><pre class="prettyprint lang-config"><Location "/secure">
	AuthBearerProxy "%{QUERY_STRING}"
	</Location></pre>
	</div>

	<div class="example"><h3>Exclusion Example</h3><pre class="prettyprint lang-config"><Location "/public">
	AuthBearerProxy off
	</Location></pre>
	</div>


	</div>
	</div>
	<div class="bottomlang">
	<p><span>Available Languages: </span><a href="../en/mod/mod_auth_bearer.html" title="English"> en </a></p>
	</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
	<script type="text/javascript"><!--//--><![CDATA[//><!--
	var comments_shortname = 'httpd';
	var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_auth_bearer.html';
	(function(w, d) {
	if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
	d.write('<div id="comments_thread"><\/div>');
	var s = d.createElement('script');
	s.type = 'text/javascript';
	s.async = true;
	s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
	(d.getElementsByTagName('head')[0] \|\| d.getElementsByTagName('body')[0]).appendChild(s);
	}
	else {
	d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
	}
	})(window, document);
	//--><!]]></script></div><div id="footer">
	<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
	<p class="menu"><a href="../mod/">Modules</a> \| <a href="../mod/quickreference.html">Directives</a> \| <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> \| <a href="../glossary.html">Glossary</a> \| <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
	if (typeof(prettyPrint) !== 'undefined') {
	prettyPrint();
	}
	//--><!]]></script>
	</body></html>