
Security & Authentication
JWT, OAuth2, session management, RBAC, crypto/rand vs math/rand, TLS config, secure coding, security best practices
1. What is the main difference between JWT tokens and traditional server sessions?
Answer
JWT tokens are stateless (no server-side state) and contain all necessary information encoded within the token itself. Unlike traditional sessions, which store data server-side in memory or in a database and keep only a session ID on the client, JWT shifts storage responsibility to the client. This facilitates horizontal scaling, as no shared state is required between servers.
2. What are the three parts of a JWT token separated by dots?
Answer
A JWT consists of three Base64URL-encoded parts separated by dots: Header (algorithm and type), Payload (claims/data), and Signature (integrity verification). The structure is header.payload.signature. The header indicates the signing algorithm (HS256, RS256), the payload contains claims (iss, sub, exp), and the signature ensures the token hasn't been tampered with.
3. Which standard JWT claim defines the token expiration timestamp?
Answer
The 'exp' (expiration time) claim defines the Unix timestamp after which the token should no longer be accepted. Standard claims also include 'iss' (issuer), 'sub' (subject), 'aud' (audience), 'iat' (issued at), and 'nbf' (not before). Validating the exp claim is crucial to limit token validity duration and reduce the impact of a stolen token.
What is the main difference between HS256 and RS256 for signing JWTs?
How to revoke a JWT before its natural expiration?