Open lucmir opened 7 years ago
I'm not sure if there are specific lengths of the bearer string, but as per RFC6750: https://tools.ietf.org/html/rfc6750
b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
credentials = "Bearer" 1*SP b64token
It would appear that the set of characters is well defined. It might be worth checking against this character set.
Regular expression is accepting any token format and just validates if there is a "Bearer" (or "bearer") prefix:
It can be improved to check, at least, the token size.
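
An added example, not code from this project: a Python check of the `Authorization` header value against the RFC 6750 grammar quoted above, with length bounds as the issue suggests. `MIN_TOKEN_LEN`, `MAX_TOKEN_LEN`, `loose_check` and the sample headers are assumptions constructed for illustration; the RFC itself sets no length limit.

```python
import re

# RFC 6750, section 2.1:
#   b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
#   credentials = "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
# ABNF string literals are case-insensitive, so "bearer" is accepted too.
SCHEME = re.compile(r"bearer +", re.IGNORECASE)

# Assumed bounds: tune them to the tokens your issuer actually mints.
MIN_TOKEN_LEN = 16
MAX_TOKEN_LEN = 4096


def parse_bearer(header_value):
    """Return the token if the value is a well-formed Bearer credential, else None."""
    if not isinstance(header_value, str):
        return None
    m = SCHEME.match(header_value)
    if m is None:
        return None
    token = header_value[m.end():]
    if not MIN_TOKEN_LEN <= len(token) <= MAX_TOKEN_LEN:
        return None
    # fullmatch rejects anything after the token, including a trailing newline,
    # and "=" anywhere except as trailing padding.
    return token if B64TOKEN.fullmatch(token) else None


def loose_check(header_value):
    """Prefix-only check, a constructed stand-in for the behaviour the issue reports."""
    return re.match(r"[Bb]earer ", header_value) is not None


# Constructed sample header values.
SAMPLES = [
    "Bearer mF_9.B5f-4.1JqM0123456789",    # well-formed
    "bearer dGhpcyBpcyBhIHRlc3Q=",         # lowercase scheme, trailing padding
    "Bearer ",                             # empty token
    "Bearer short",                        # below the assumed minimum length
    "Bearer abc=def0123456789012345",      # "=" inside the token
    "Bearer aaaaaaaaaaaaaaaaaaaa bbbb",    # embedded space
    "Bearer aaaaaaaaaaaaaaaaaaaa\r\n",     # trailing CR/LF
    'Bearer "aaaaaaaaaaaaaaaaaaaaaa"',     # characters outside the b64token set
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} loose={loose_check(s)!s:5} strict={parse_bearer(s) is not None}")
```

The prefix-only check passes all eight samples; the grammar and length check passes only the first two.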