Go

Security & Authentication

JWT, OAuth2, session management, RBAC, crypto/rand vs math/rand, TLS config, secure coding, security best practices

24 interview questions · Senior
1

What is the main difference between JWT tokens and traditional server sessions?

Answer

JWT tokens are stateless (no server-side state) and carry all the necessary information encoded in the token itself. Traditional sessions store the session data server-side, in memory or in a database, and hand the client only a session ID; JWT shifts that storage responsibility to the client. This facilitates horizontal scaling because no shared state is required between servers.

2

What are the three parts of a JWT token separated by dots?

Answer

A JWT consists of three Base64URL-encoded parts separated by dots: Header (algorithm and type), Payload (claims/data), and Signature (integrity verification). The structure is header.payload.signature. The header indicates the signing algorithm (HS256, RS256), the payload contains claims (iss, sub, exp), and the signature, computed over the encoded header and payload, ensures the token hasn't been tampered with.

3

Which standard JWT claim defines the token expiration timestamp?

Answer

The 'exp' (expiration time) claim defines the Unix timestamp after which the token must no longer be accepted. Other standard claims include 'iss' (issuer), 'sub' (subject), 'aud' (audience), 'iat' (issued at), and 'nbf' (not before). Validating the exp claim is crucial: it bounds how long a token stays valid and reduces the impact of a stolen token.

4

What is the main difference between HS256 and RS256 for signing JWTs?

5

How to revoke a JWT before its natural expiration?

+21 interview questions

Master Go for your next interview

Get access to all the questions, flashcards, technical tests, code review exercises, and interview simulators.
