Concept Flow - Bearer token handling

Client sends request with Authorization header

↓

Server reads Authorization header

↓

Check if header starts with 'Bearer '

↓

Extract token

↓

Validate token

↓

If valid: allow access

↓

If invalid: reject request

The server checks the Authorization header for a Bearer token, extracts it, validates it, and then allows or denies access.

Execution Sample

FastAPI

from fastapi import FastAPI, Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials

app = FastAPI()
security = HTTPBearer()

@app.get("/secure")
async def secure_route(credentials: HTTPAuthorizationCredentials = Depends(security)):
    token = credentials.credentials
    if token != "validtoken":
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
    return {"message": "Access granted"}

This FastAPI code checks for a Bearer token, validates it, and returns access granted or unauthorized.

Execution Table

Step	Action	Authorization Header	Token Extracted	Token Valid?	Result
1	Client sends request	Bearer validtoken			Request received
2	Server reads header	Bearer validtoken			Header read
3	Check header starts with 'Bearer '	Bearer validtoken		Yes	Proceed
4	Extract token	Bearer validtoken	validtoken		Token extracted
5	Validate token	Bearer validtoken	validtoken	Yes	Access granted
6	Return response				{"message": "Access granted"}
7	Client sends request	Bearer invalidtoken			Request received
8	Server reads header	Bearer invalidtoken			Header read
9	Check header starts with 'Bearer '	Bearer invalidtoken		Yes	Proceed
10	Extract token	Bearer invalidtoken	invalidtoken		Token extracted
11	Validate token	Bearer invalidtoken	invalidtoken	No	Raise 401 Unauthorized
12	Return response				HTTP 401 Unauthorized

💡 Execution stops after returning response based on token validity.

Variable Tracker

Variable	After Step 4	After Step 5	After Step 10	After Step 11
Authorization Header	Bearer validtoken	Bearer validtoken	Bearer invalidtoken	Bearer invalidtoken
Token Extracted	validtoken	validtoken	invalidtoken	invalidtoken
Token Valid?		Yes		No
Result		Access granted		401 Unauthorized

Key Moments - 3 Insights

Why do we check if the header starts with 'Bearer ' before extracting the token?

What happens if the token is invalid?

Why do we extract the token from the header instead of using the whole header value?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table, what is the token extracted at step 10?

Avalidtoken

Binvalidtoken

CBearer invalidtoken

DNo token extracted

Concept Snapshot

Bearer token handling in FastAPI:
- Client sends Authorization header: 'Bearer <token>'
- Server checks header starts with 'Bearer '
- Extract token part after 'Bearer '
- Validate token (e.g., compare to expected value)
- If valid, allow access; if not, raise 401 Unauthorized
- Use HTTPBearer and HTTPAuthorizationCredentials for easy handling

Full Transcript

In Bearer token handling with FastAPI, the client sends a request with an Authorization header containing the token prefixed by 'Bearer '. The server reads this header and first checks if it starts with 'Bearer '. If it does, the server extracts the token part after 'Bearer ' and validates it. If the token matches the expected value, the server grants access and returns a success message. If the token is invalid or the header does not start with 'Bearer ', the server rejects the request with a 401 Unauthorized error. This process ensures secure access control using tokens. The FastAPI HTTPBearer security class helps manage this flow easily by extracting and validating tokens automatically.