JavaScript / ECMAScript

Bearer Token (Authorization Header) in JS

Match Bearer token values from HTTP Authorization headers, capturing the raw token string.

Try it in the JS tester →

Pattern

regexJS
Bearer\s+([A-Za-z0-9\-._~+\/]+=*)   (flags: i)

JavaScript / ECMAScript code

jsJavaScript
const re = new RegExp("Bearer\\s+([A-Za-z0-9\\-._~+\\/]+=*)", "i");
const input = "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def";
const matches = [...input.matchAll(re)];
console.log(matches.map(m => m[0]));

Uses `String.prototype.matchAll` for global iteration (Node 12+ / all modern browsers).

How the pattern works

Bearer\s+ matches the scheme keyword (case-insensitive via i flag) and required whitespace. ([A-Za-z0-9\-._~+\/]+=*) captures the token value using the set of characters allowed in OAuth 2.0 Bearer tokens, with optional trailing = padding.

Examples

Input

Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def

Matches

  • Bearer eyJhbGciOiJIUzI1NiJ9.abc.def

Input

bearer some_token_value==

Matches

  • bearer some_token_value==

Input

Basic dXNlcjpwYXNz

No match

Same pattern, other engines

Python (re)

Supported

See how this pattern looks (and behaves) in Python's stdlib `re` module.

Go (RE2)

Supported

See how this pattern looks (and behaves) in Go's `regexp` package (RE2 engine).

← Back to Bearer Token (Authorization Header) overview (all engines)