Go

Security & Authentication

JWT, OAuth2, session management, RBAC, crypto/rand vs math/rand, TLS config, secure coding, security best practices

24 interview questions · Senior
1. What is the main difference between JWT tokens and traditional server sessions?

Answer

JWT tokens are stateless: the server keeps no per-token state, because everything needed to validate the token is encoded in the token itself. Traditional sessions keep the session data server-side (in memory or a database) and give the client only a session ID; a JWT shifts that storage to the client. This facilitates horizontal scaling, since servers need no shared session state to validate a request.

2. What are the three parts of a JWT, separated by dots?

Answer

A JWT consists of three Base64URL-encoded parts separated by dots: the header (algorithm and type), the payload (claims/data), and the signature (integrity verification). The structure is header.payload.signature. The header indicates the signing algorithm (for example HS256 or RS256), the payload carries the claims (iss, sub, exp, and so on), and the signature lets the verifier confirm that the header and payload have not been tampered with.

3. Which standard JWT claim defines the token's expiration timestamp?

Answer

The 'exp' (expiration time) claim holds the Unix timestamp after which the token must no longer be accepted. The other standard claims are 'iss' (issuer), 'sub' (subject), 'aud' (audience), 'iat' (issued at), and 'nbf' (not before). Validating the exp claim is essential: it bounds the token's lifetime and so limits the window in which a stolen token can be used.

4. What is the main difference between HS256 and RS256 for signing JWTs?

5. How do you revoke a JWT before its natural expiration?


Master Go for your next interview

Access all questions, flashcards, technical tests, code review exercises, and mock interviews.
