Spring Boot

OAuth2 & Authorization Server

OAuth2 and Authorization Server, flows (authorization code, client credentials), resource server, scopes

20 pytań z rozmów·
Senior
1

What is OAuth2?

Odpowiedź

OAuth2 is an authorization protocol that allows a third-party application to obtain limited access to an HTTP service on behalf of a user, without exposing the user's credentials. It works via access tokens rather than passwords. OAuth2 is widely used for delegated authentication (login via Google, GitHub, etc.) and secured REST APIs.

2

What is the most secure OAuth2 flow for web applications?

Odpowiedź

The Authorization Code flow is the most secure because the access token is never exposed to the browser. The backend application exchanges a temporary authorization code for an access token via a secure channel (backend-to-backend). With PKCE (Proof Key for Code Exchange), this flow becomes even more secure against interception attacks.

3

When should the Client Credentials flow be used?

Odpowiedź

The Client Credentials flow is designed for machine-to-machine (service-to-service) communication without user context. The client application authenticates directly with its own credentials (client_id and client_secret) to obtain an access token. Used for batch jobs, microservices, or backend APIs acting on their own behalf.

4

What is PKCE (Proof Key for Code Exchange) in OAuth2?

5

Why is the Implicit flow deprecated in OAuth2?

+17 pytań z rozmów

Inne tematy rekrutacyjne Spring Boot

Spring Core - IoC & DI

Junior
22 pytań

Spring Boot Auto-Configuration

Junior
20 pytań

Spring Boot Starters

Junior
18 pytań

Application Properties & YAML

Junior
16 pytań

Logging with SLF4J & Logback

Junior
20 pytań

Spring Boot DevTools

Junior
15 pytań

Spring MVC Basics

Mid-Level
20 pytań

Spring REST Controllers

Mid-Level
20 pytań

Request & Response Handling

Mid-Level
20 pytań

Exception Handling

Mid-Level
25 pytań

Bean Validation

Mid-Level
25 pytań

Spring Data JPA Basics

Mid-Level
25 pytań

JPA Entities & Relationships

Mid-Level
30 pytań

JPA Queries

Mid-Level
30 pytań

Spring Data Repositories

Mid-Level
25 pytań

Spring Security Basics

Mid-Level
25 pytań

Spring Boot Actuator

Mid-Level
20 pytań

Unit Testing with JUnit & Mockito

Mid-Level
30 pytań

Spring Boot Testing

Mid-Level
30 pytań

Profiles & Environment

Mid-Level
20 pytań

RestTemplate & WebClient

Mid-Level
24 pytań

Async & Scheduling

Mid-Level
25 pytań

Caching with Spring

Mid-Level
25 pytań

Spring WebFlux (Reactive)

Mid-Level
25 pytań

Spring Transactions

Senior
30 pytań

Advanced Authentication & Authorization

Senior
30 pytań

JWT & Stateless Security

Senior
20 pytań

Spring Boot & Docker

Senior
19 pytań

Microservices with Spring

Senior
25 pytań

Spring Cloud Config

Senior
19 pytań

Performance Optimization

Senior
30 pytań

GraalVM Native Images

Senior
20 pytań

Opanuj Spring Boot na następną rozmowę

Uzyskaj dostęp do wszystkich pytań, flashcards, testów technicznych, ćwiczeń code review i symulatorów rozmów.

Zacznij za darmo