<p>Signing requests was a topic for OAuth 1.0a. Bearer tokens in 2.0 would give you access to the resource server (see example below), which is why you need to safeguard them. RFC 6750 has more details on security threats related to Bearer Token usage.</p>
<pre><code>curl -H "Authorization: Bearer oUA-D-78IXuB9c2TM5BdGtAdLcUih5FXUIWl6Lb8V0g" http://localhost:3000/api/0.6/user/details.json
{"user":{"id":1,"display_name":"mmd2","account_created":"2017-12-05T17:28:53Z","description":"Hello!","contributor_terms":{"agreed":true},"roles":["moderator","administrator"],"changesets":{"count":1706},"traces":{"count":78},"blocks":{"received":{"count":1,"active":0},"issued":{"count":20,"active":0}}}}
</code></pre>
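<p>Added example, not part of the original comment or the project's code: a sketch of why the two schemes differ when an Authorization value is captured. An OAuth 1.0a HMAC-SHA1 signature (RFC 5849) is bound to the method, URL and parameters, while a bearer token is accepted on any request. All secrets, tokens, parameters and the second URL are constructed, and nonce and timestamp tracking is left out.</p>

```python
import base64, hashlib, hmac
from urllib.parse import quote
# Constructed secrets and token, for illustration only
CONSUMER_SECRET = "example-consumer-secret"
TOKEN_SECRET = "example-token-secret"
BEARER_TOKEN = "example-bearer-token"

def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped
    return quote(value, safe="-._~")

def oauth1_signature(method, url, params):
    # HMAC-SHA1 over method, URL and sorted parameters (RFC 5849 section 3.4)
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(CONSUMER_SECRET)}&{pct(TOKEN_SECRET)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify_oauth1(method, url, params, signature):
    # The server recomputes the signature for the request it actually received
    expected = oauth1_signature(method, url, params)
    return hmac.compare_digest(expected.encode(), signature.encode())

def verify_bearer(method, url, authorization):
    # method and url play no part: possession of the token is the whole proof
    scheme, _, token = authorization.partition(" ")
    return scheme.lower() == "bearer" and hmac.compare_digest(
        token.encode(), BEARER_TOKEN.encode())

def replay_demo():
    details = "http://localhost:3000/api/0.6/user/details.json"  # URL from the comment
    other = "http://localhost:3000/api/0.6/hypothetical-resource"  # hypothetical path
    params = {  # constructed OAuth 1.0a protocol parameters
        "oauth_consumer_key": "example-consumer-key",
        "oauth_token": "example-token",
        "oauth_nonce": "constructed-nonce",
        "oauth_timestamp": "1602400000",
        "oauth_signature_method": "HMAC-SHA1",
    }
    captured_signature = oauth1_signature("GET", details, params)
    captured_header = f"Bearer {BEARER_TOKEN}"
    return {
        "signed_original": verify_oauth1("GET", details, params, captured_signature),
        "signed_moved": verify_oauth1("GET", other, params, captured_signature),
        "bearer_original": verify_bearer("GET", details, captured_header),
        "bearer_moved": verify_bearer("GET", other, captured_header),
    }
```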