Bearer auth (#1)

Author: stefano-ottolenghi

modules/ROOT/pages/authentication-authorization.adoc

@@ -5,13 +5,23 @@
 Unless authentication is disabled on the server, all requests must be authorized using the login credentials of a valid user.
 
 Request are authorized through an `Authorization` header.
-The header value encoding follows the standard format for `Basic` authentication (RFC 7617), which is as follows:
+Both _basic_ and _bearer_ authentication are supported.
+
+[NOTE]
+If authentication is disabled on the server, requests can be sent without an `Authorization` header.
+
+
+== Basic authentication
+
+The header format for basic authentication follows the standard format (RFC 7617):
 
 ----
 Authorization: Basic <base64(username:password)>
 ----
 
-For example, to authenticate as user `neo4j` with password `verysecret`, first join them with a colon:
+.Basic authentication
+=====
+To authenticate as user `neo4j` with password `verysecret`, first join them with a colon:
 
 ----
 neo4j:verysecret
@@ -39,9 +49,42 @@ To obtain the final header, prepend `Basic` to the base64-encoding of the creden
 ----
 Authorization: Basic bmVvNGo6dmVyeXNlY3JldA==
 ----
+=====
 
-[NOTE]
-If authentication is disabled on the server, requests can be sent without an `Authorization` header.
+
+== Bearer authentication
+
+The header format to authenticate with a bearer token is:
+
+----
+Authorization: Bearer <base64(token)>
+----
+
+.Bearer authentication
+=====
+To authenticate with the token `xbhkjnlvianztghqwawxqfe`, first base64-encode it:
+
+----
+eGJoa2pubHZpYW56dGdocXdhd3hxZmUK
+----
+
+.How to base64-encode a string
+[%collapsible]
+====
+To base64-encode a string on a Linux or Mac machine, use the built-in `base64` command:
+
+[source, bash]
+----
+echo -n "xbhkjnlvianztghqwawxqfe" | base64
+----
+====
+
+To obtain the final header, prepend `Bearer` to the base64-encoding of the credential:
+
+----
+Authorization: Bearer eGJoa2pubHZpYW56dGdocXdhd3hxZmUK
+----
+=====
 
 
 == Missing authorization