How to use bearer token for authentication in wget

Bearer tokens are frequently used in HTTP APIs secured by OAuth 2.0 or similar frameworks. These tokens replace traditional username and password credentials, providing a short-lived, revocable way to grant access to protected resources. wget can add this token to the request header, allowing authenticated interactions with API endpoints.

Obtaining a bearer token typically involves requesting it from an authorization server. Once retrieved, the token is placed in the Authorization header, enabling the server to verify client access rights without continuous credential input. As the token can expire, it may need to be refreshed periodically.

Integrating bearer tokens into wget commands simplifies secure automation for data retrieval, backups, or system integrations. This method removes the need for persistent passwords and reduces security risks associated with long-term credential storage.

Steps to authenticate with bearer token in wget:

Obtain a bearer token from the authentication server using a tool like cURL.

$ curl --data "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=client_credentials" https://auth.example.com/oauth/token
{
  "access_token": "YOUR_ACCESS_TOKEN",
  "token_type": "Bearer",
  "expires_in": 3600
}

Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with actual values. Store the returned YOUR_ACCESS_TOKEN securely.

Include the bearer token in the Authorization header when running wget.

$ wget --header="Authorization: Bearer YOUR_ACCESS_TOKEN" https://api.example.com/data -O output.json
--2024-12-10 10:03:00--  https://api.example.com/data
HTTP request sent, awaiting response... 200 OK
Saving to: ‘output.json’

Replacing YOUR_ACCESS_TOKEN with the actual token grants authorized access to the API.

Add the --debug option to see detailed request and response information.
```
$ wget --header="Authorization: Bearer YOUR_ACCESS_TOKEN" https://api.example.com/data -O output.json --debug
```
The --debug option provides verbose output for troubleshooting requests.

Save the bearer token in a file and reuse it in subsequent requests.

$ echo "Authorization: Bearer YOUR_ACCESS_TOKEN" > .wget_headers
$ wget --header="$(cat .wget_headers)" https://api.example.com/data -O output.json

Store sensitive files securely to prevent unauthorized token exposure.

Refresh the bearer token when it expires.

$ curl --data "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=refresh_token&refresh_token=YOUR_REFRESH_TOKEN" https://auth.example.com/oauth/token

Obtain a new access token as needed to maintain ongoing access.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.