Securityflags: i

Bearer Token (Authorization Header)

Match Bearer token values from HTTP Authorization headers, capturing the raw token string.

Try it in RegexPro →

Available in

JSSupported

JavaScript / ECMAScript

Browser-native RegExp. Default if you don't pick.

PYSupported

Python (re)

CPython stdlib `re`. Unicode-aware `\w` and `\d` by default.

GOSupported

Go (RE2)

Linear-time matching. No backreferences or lookarounds.

Pattern

regexengine-agnostic

Bearer\s+([A-Za-z0-9\-._~+\/]+=*)   (flags: i)

Raw source: Bearer\s+([A-Za-z0-9\-._~+\/]+=*)

How it works

Bearer\s+ matches the scheme keyword (case-insensitive via i flag) and required whitespace. ([A-Za-z0-9\-._~+\/]+=*) captures the token value using the set of characters allowed in OAuth 2.0 Bearer tokens, with optional trailing = padding.

Examples

Input

Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def

Matches

Bearer eyJhbGciOiJIUzI1NiJ9.abc.def

Input

bearer some_token_value==

Matches

bearer some_token_value==

Input

Basic dXNlcjpwYXNz

No match

—

Common use cases

•API gateway log parsing and token redaction
•Auth middleware token extraction
•HTTP request replaying and debugging
•Security audit of log files for exposed tokens

Related patterns

GitHub Personal Access Token

Security

Match GitHub Personal Access Tokens (classic + fine-grained) and OAuth tokens by their `ghX_` prefix.

JWT Token

Security

Match JSON Web Tokens (JWTs) — three base64url-encoded segments separated by dots.

PEM Certificate Block

Security

Match PEM-encoded certificate and key blocks, capturing the block type and base64 content.

AWS Access Key ID

Security

Match AWS access key IDs (both long-term AKIA and temporary ASIA prefixes).

←PreviousCSS hsl() / hsla() Color

All patterns

NextPEM Certificate Block→