OAuth2 & Authorization Server

OAuth2 and Authorization Server, flows (authorization code, client credentials), resource server, scopes

20 คำถามสัมภาษณ์·

Senior

What is OAuth2?

คำตอบ

OAuth2 is an authorization protocol that allows a third-party application to obtain limited access to an HTTP service on behalf of a user, without exposing the user's credentials. It works via access tokens rather than passwords. OAuth2 is widely used for delegated authentication (login via Google, GitHub, etc.) and secured REST APIs.

What is the most secure OAuth2 flow for web applications?

คำตอบ

The Authorization Code flow is the most secure because the access token is never exposed to the browser. The backend application exchanges a temporary authorization code for an access token via a secure channel (backend-to-backend). With PKCE (Proof Key for Code Exchange), this flow becomes even more secure against interception attacks.

When should the Client Credentials flow be used?

คำตอบ

The Client Credentials flow is designed for machine-to-machine (service-to-service) communication without user context. The client application authenticates directly with its own credentials (client_id and client_secret) to obtain an access token. Used for batch jobs, microservices, or backend APIs acting on their own behalf.

What is PKCE (Proof Key for Code Exchange) in OAuth2?

Why is the Implicit flow deprecated in OAuth2?

+17 คำถามสัมภาษณ์

หัวข้อสัมภาษณ์ Spring Boot อื่นๆ

OAuth2 & Authorization Server

What is OAuth2?

คำตอบ

What is the most secure OAuth2 flow for web applications?

คำตอบ

When should the Client Credentials flow be used?

คำตอบ

What is PKCE (Proof Key for Code Exchange) in OAuth2?

Why is the Implicit flow deprecated in OAuth2?

หัวข้อสัมภาษณ์ Spring Boot อื่นๆ

Spring Core - IoC & DI

Spring Boot Auto-Configuration

Spring Boot Starters

Application Properties & YAML

Logging with SLF4J & Logback

Spring Boot DevTools

Spring MVC Basics

Spring REST Controllers

Request & Response Handling

Exception Handling

Bean Validation

Spring Data JPA Basics

JPA Entities & Relationships

JPA Queries

Spring Data Repositories

Spring Security Basics

Spring Boot Actuator

Unit Testing with JUnit & Mockito

Spring Boot Testing

Profiles & Environment

RestTemplate & WebClient

Async & Scheduling

Caching with Spring

Spring WebFlux (Reactive)

Spring Transactions

Advanced Authentication & Authorization

JWT & Stateless Security

Spring Boot & Docker

Microservices with Spring

Spring Cloud Config

Performance Optimization

GraalVM Native Images

เชี่ยวชาญ Spring Boot สำหรับการสัมภาษณ์ครั้งถัดไป