Accept access_token provided via header.

[aindlq]

Something like:

Authorization: Bearer <token>

it would make it more convenient to use with libraries like RDF4J.

[tpluscode]

AFAICT, this will be necessary to support authenticated requests with body. Queries too

[Qup42]

Is there a reason for using Bearer in specific? Basic seems "more correct"¹ to me here and also more widely supported². @aindlq

Footnotes

1. Bearer originated with OAuth2 but we only have a static password here. ↩

2. During a very quick research the Basic authentication seemed to be more widely supported in client libraries. ↩

[aindlq]

@Qup42 my understanding is that basic auth requires user id, so it is base64(user_id:password). Bearer is used not only with OAuth, de-facto it is a standard way to provide some kind of a token/password, e.g see openai api - https://platform.openai.com/docs/api-reference/authentication or github api - https://docs.github.com/en/rest/authentication/authenticating-to-the-rest-api?apiVersion=2022-11-28

I'm fine with both, I think you can have some hard-coded username and then use basic auth.

jfyi, one thing to keep in mind when implementing basic auth is the fact that some libraries and tools (like wget) expect a full basic auth challenge-respnose flow.