Question on Bearer Token Assignment

Hi all,

I did download a collection and environment variables for a project i am working on. I then modified the environment variables to match my lab setup and all is working.

The authorization is set to ‘Inherit from parent’. This is fine. I went to the collection folder and the Authorization is set to ‘Bearer Token’ which is expected and the Token is set to {{bearToken}}.

Now, in the collection in the Authentication folder, i can get a token successfully and i get something like this:

“access_token”: “AgKxTqPnS82r4j…”
“token_type”: “bearer”,
“expires_in”: 299,
“refresh_token”: “q6duTgoLEkG7r…”

The question is: how is the access_token that I get, automatically assigned to the {{bearToken}} ?
Should I see somewhere like access_token = {{bearToken}}?

In any case, when the token is expired, and i perform a request, is a new token, AUTOMATICALLY, re-fetched? Or do I start AUTOMATICALLY using the ‘refresh_token’ value? what is the difference between the two ?

Hi @thibaulv

When you forked the collection, is there a pre-req script or a test script included (when you GET the token), that assigns the value to {{bearToken}}?

something like this;

Thanks! Yes i see this:

This is good. Now the next step.

In my request, i do not see {{bearToken}} anywhere. But I see this:

How does this {{bearToken} gets translated to the Authorization Line? I guess it knows, because in the ‘Parent’ it was set to Bearer. Is this mapped automatically ?

Off the top of my head without looking, if it is “inherited from parent” I would expect that to be fed in before the request is sent. (almost like a pre-req script would be).

The fact that it is a darker grey colour (the tick boxes on the left), shows it is one of the “auto-generated headers”.

You could change it if you wanted to. The ‘Bearer’ is passed as a header regardless of where the value is initially stored. you could literally put the {{bearToken}} variable in that ‘value’ field above and it would send the same token. I find the “inherit from parent” is preferred by some people but I usually submit mine just as a header.

ok thanks. what about the expired token ? I mean do I always have to generate a token then send my request, I mean when it’s beyond 5 minutes?

If the token expires you will require a new one yes.

You can generate as many tokens as you like as they will include (within the cryptography) a date/time stamp that will have an expiration.