All of helix uses Bearer.
And the validate endpoint does support Bearer. it jsut has a longer history of using oAuth and in general it ties into “works with standard oauth libraries” for the oauth related endpoints
So It’ “standardised across helix” at least.