
Bearer before token in JWT


I have noticed the convention is to send a JWT in the header under the field Authorization. The standard is to send the token as such:

Authorization:Bearer [token]

My question is why do I need to put the Bearer part why not just:

Authorization:[token]

When I receive the first request, I need to parse every request to get rid of the Bearer when I verify my JWT. What is the point of this?


Solution

  • It started with the HTTP 1.0 standard, which added Authorization: Basic.

    Then some other popular protocols (/frameworks) popularised other kinds of authentication, like OAuth's Authorization: Bearer.

    Practically, the HTTP standard (both the "obsolete" and the "more modern" one) declares it as

    Authorization = "Authorization" ":" credentials
    

    without any constraints on how the credentials are to be shaped.

    So it is up to you what you put there, as long as it works for you.
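The answer above describes the header grammar ("Authorization" ":" credentials) and the question describes stripping "Bearer" before JWT verification. The following is an added example, not code from the original post or either poster: it parses the Authorization header into its scheme and credentials as RFC 7235 defines them, extracts the token only when the scheme is Bearer (RFC 6750), and dispatches Basic and Bearer credentials to different handlers, which is the practical reason a server wants the scheme word in front of the token: the same header field carries differently shaped credentials, and the scheme tells the server which parser and check to apply. The sample token and Basic credentials are constructed for the example, and the token-charset check is an assumption taken from the RFC 6750 b64token rule, not from the post.

```python
import base64
import re

# Constructed sample values (not from the original post). The "JWT" here is
# just a JWT-shaped string: header.payload.signature, base64url characters.
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.abc-def_123"
SAMPLE_BASIC = "YWxpY2U6czNjcmV0"  # base64("alice:s3cret"), constructed

# RFC 7235: credentials = auth-scheme 1*SP ( token68 / #auth-param )
# auth-scheme is an HTTP token; it is matched case-insensitively.
_AUTH_RE = re.compile(r"^\s*([A-Za-z0-9!#$%&'*+\-.^_`|~]+)\s+(.+?)\s*$")

# RFC 6750 b64token: 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_B64TOKEN_RE = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def parse_authorization(header_value):
    """Split an Authorization value into (scheme, credentials).

    Returns None when the header is absent or has no 'scheme SP credentials'
    shape, including a bare token with no scheme in front of it.
    """
    if header_value is None:
        return None
    match = _AUTH_RE.match(header_value)
    if not match:
        return None
    return match.group(1).lower(), match.group(2)


def extract_bearer_token(header_value):
    """Return the bearer token, or None if the scheme is not Bearer.

    A non-Bearer scheme (e.g. Basic) is rejected rather than treated as a JWT,
    so Basic credentials never reach the JWT verifier by accident.
    """
    parsed = parse_authorization(header_value)
    if parsed is None:
        return None
    scheme, credentials = parsed
    if scheme != "bearer":
        return None
    if not _B64TOKEN_RE.fullmatch(credentials):
        return None  # e.g. embedded whitespace or characters outside b64token
    return credentials


def dispatch(header_value):
    """Route credentials by scheme: ('bearer', token) / ('basic', user) / ...

    This is the point of keeping the scheme word: the same header field can
    carry a base64 'user:password' pair or a token, and only the scheme says
    which parser applies.
    """
    parsed = parse_authorization(header_value)
    if parsed is None:
        return ("none", None)
    scheme, credentials = parsed
    if scheme == "bearer":
        return ("bearer", extract_bearer_token(header_value))
    if scheme == "basic":
        try:
            decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return ("basic", None)
        user, sep, _password = decoded.partition(":")
        return ("basic", user if sep else None)
    return ("unknown", None)  # e.g. Digest: not supported by this server


if __name__ == "__main__":
    for value in ("Bearer " + SAMPLE_JWT, "bearer " + SAMPLE_JWT, SAMPLE_JWT,
                  "Basic " + SAMPLE_BASIC, "Digest realm=api", None):
        print(repr(value), "->", dispatch(value))
```

The bare-token form from the question (`Authorization: [token]`) parses as having no scheme at all and is rejected, whereas "Bearer" and "bearer" are both accepted because the scheme is case-insensitive; a server that drops the prefix has to choose between accepting every value as a JWT or inventing a private convention that other clients and proxies do not know.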