Use JWTs for internal tokens and OAuth2.0 Bearer Tokens for external tokens
Description
4. Use a Secure Hash Algorithm to Sign Your Tokens
When signing your tokens, use the strongest algorithm available in your infrastructure: SHA-256 or better. If you are using an HMAC algorithm to sign your token, make sure it is at least 256 bits long (e.g., HMAC-SHA256). The shorter the signature, the easier it is for hackers to crack it with brute-force attacks.
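The following is an added example, not code from the original page: an HS256-or-stronger JWT signer and verifier that enforces the 256-bit minimum on the HMAC key and an algorithm allow-list. It uses only the Python standard library; the function names and the sample claims are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Allow-list: HMAC over SHA-256 or stronger; "none" and anything else is refused.
ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
MIN_KEY_BYTES = 32  # 256 bits

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_key(key: bytes) -> None:
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("HMAC key shorter than 256 bits")

def sign(claims: dict, key: bytes, alg: str = "HS256") -> str:
    check_key(key)
    if alg not in ALGS:
        raise ValueError(f"algorithm not allowed: {alg}")
    parts = ({"alg": alg, "typ": "JWT"}, claims)
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    tag = hmac.new(key, signing_input.encode(), ALGS[alg]).digest()
    return f"{signing_input}.{b64url(tag)}"

def verify(token: str, key: bytes) -> dict:
    check_key(key)
    try:
        head, body, sig_b64 = token.split(".")
        header = json.loads(unb64url(head))
        sig = unb64url(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg not in ALGS:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{head}.{body}".encode(), ALGS[alg]).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(unb64url(body))

if __name__ == "__main__":
    key = secrets.token_bytes(MIN_KEY_BYTES)  # constructed sample key
    token = sign({"sub": "service-a"}, key)   # constructed sample claims
    print(verify(token, key))
```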