OAuth2 & Authorization Server
OAuth2 and Authorization Server, flows (authorization code, client credentials), resource server, scopes
1What is OAuth2?
What is OAuth2?
Відповідь
OAuth2 is an authorization protocol that allows a third-party application to obtain limited access to an HTTP service on behalf of a user, without exposing the user's credentials. It works via access tokens rather than passwords. OAuth2 is widely used for delegated authentication (login via Google, GitHub, etc.) and secured REST APIs.
2What is the most secure OAuth2 flow for web applications?
What is the most secure OAuth2 flow for web applications?
Відповідь
The Authorization Code flow is the most secure because the access token is never exposed to the browser. The backend application exchanges a temporary authorization code for an access token via a secure channel (backend-to-backend). With PKCE (Proof Key for Code Exchange), this flow becomes even more secure against interception attacks.
3When should the Client Credentials flow be used?
When should the Client Credentials flow be used?
Відповідь
The Client Credentials flow is designed for machine-to-machine (service-to-service) communication without user context. The client application authenticates directly with its own credentials (client_id and client_secret) to obtain an access token. Used for batch jobs, microservices, or backend APIs acting on their own behalf.
What is PKCE (Proof Key for Code Exchange) in OAuth2?
Why is the Implicit flow deprecated in OAuth2?
+17 питань зі співбесід
Інші теми співбесід Spring Boot
Spring Core - IoC & DI
Spring Boot Auto-Configuration
Spring Boot Starters
Application Properties & YAML
Logging with SLF4J & Logback
Spring Boot DevTools
Spring MVC Basics
Spring REST Controllers
Request & Response Handling
Exception Handling
Bean Validation
Spring Data JPA Basics
JPA Entities & Relationships
JPA Queries
Spring Data Repositories
Spring Security Basics
Spring Boot Actuator
Unit Testing with JUnit & Mockito
Spring Boot Testing
Profiles & Environment
RestTemplate & WebClient
Async & Scheduling
Caching with Spring
Spring WebFlux (Reactive)
Spring Transactions
Advanced Authentication & Authorization
JWT & Stateless Security
Spring Boot & Docker
Microservices with Spring
Spring Cloud Config
Performance Optimization
GraalVM Native Images
Опануй Spring Boot для наступної співбесіди
Отримай доступ до всіх питань, flashcards, технічних тестів, вправ code review та симуляторів співбесід.
Почни безкоштовно