diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js
index 5494528..88d6f6d 100644
--- a/lib/handlers/authenticate-handler.js
+++ b/lib/handlers/authenticate-handler.js
@@ -139,7 +139,7 @@ class AuthenticateHandler {
 
   getTokenFromRequestHeader (request) {
     const token = request.get('Authorization');
-    const matches = token.match(/^Bearer\s(\S+)/);
+    const matches = token.match(/^Bearer ([0-9a-zA-Z-._~+/]+=*)$/);
 
     if (!matches) {
       throw new InvalidRequestError('Invalid request: malformed authorization header');