Oauth2 JWT Interview Questions and Answers | Grant Types, Scope, Access Tokens, Claims | Decoding Code

In this Code Decode video, we explain OAuth 2.0 and JWT along with interview questions and answers.

Udemy course “Code Decode on Microservice k8s AWS CICD” link:
https://openinapp.co/udemycourse

Course description video:
https://yt.openinapp.co/dmjvd

Check out Next Level from Unacademy: http://nxtlvl.in/dctw

What is OAuth about?
OAuth is an open standard, or protocol, for authorization.
Security covers two questions –
Authentication – Who are you?
Authorization – What are you allowed to do?

OAuth 2 is an authorization framework that allows applications – such as Facebook or Twitter – to gain restricted access to user accounts of an HTTP service.

This works by delegating user authentication to the service that hosts the user account and then allowing third-party applications limited access to that user account.

OAuth 2 provides authorization flows, not authentication.

There are two versions of OAuth: OAuth 1.0a and OAuth 2.0. These specifications are completely different from each other and cannot be used together: there is no backward compatibility between them. OAuth 2.0 is the most widely used form of OAuth.

How does OAuth 2.0 work?
The application requests authorization from the user to access service resources.

Once the user has authorized the request, the application receives authorization approval.

The application requests an access token from the authorization server (API) by authenticating its own identity and presenting the authorization grant.

If the application identity is authenticated and the authorization grant is valid, the authorization server (API) issues an access token to the application. Authorization is complete.

The application requests the resource from the resource server (API) and presents the access token for authentication.

If the access token is valid, the resource server (API) makes the resource available to the application.

It is primarily designed as a means of granting access to a set of resources, such as remote APIs or user data.

What are scopes and tokens?
Using scopes and tokens, OAuth implements granular access controls.

Together they represent a "permission to do something". The token is the "permission" part and the scope defines what the "do something" is.

Think of a movie ticket: the scope is the name of the movie you are allowed to watch, and the ticket itself is the token that only a cinema employee can validate. Tokens also have an expiry time, much like the show time printed on the ticket.

Access tokens also carry scope information.
There are four kinds of scope:

Read access
Write access
Read and write access
No access

What are grants?
Grant types (or flows) are the methods an application can use to obtain access tokens; they let you grant another entity limited access to your resources without revealing your credentials.

Let’s take the example of booking cinema tickets. You can get cinema tickets in two ways:

Go to the cinema and buy at the window
Book online

These are two grants or processes. The method you choose will determine what you need to do to get the ticket.

It is the same with grant types – they are the ways of obtaining an access token.

OAuth 2 offers the following grants –

Client Credentials – Used for non-interactive applications, such as automated processes, microservices, etc. In this case the application itself is authenticated using its client ID and secret; no user is involved.

Authorization Code – The Authorization Code flow can be used by Single Page Apps (SPAs) such as Angular applications. In an SPA the client secret cannot be stored securely, so client authentication during the code exchange is limited to the client ID.
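To make the six steps above, the scope/expiry idea and the two grants concrete, here is an added example that is not code from the video or from Code Decode. It simulates a tiny authorization server and resource server in one Python file: the client registry, the HS256 signing key, the token TTL and all client, user and scope names are constructed demo values, and the function names (user_authorizes, token_endpoint, resource_endpoint, verify_jwt) are my own. It goes slightly beyond the text by also showing that an authorization code is single use and bound to one client, and that the resource server checks the token signature before trusting any claim.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo registry (assumption). A real authorization server keeps this in a
# database and would normally sign with an asymmetric key (RS256) so resource servers
# never hold the signing secret; one shared HMAC key keeps this example self-contained.
SIGNING_KEY = b"demo-signing-key-not-for-production"
CLIENTS = {
    "batch-job":  {"secret": "s3cret", "public": False, "allowed_scopes": {"read", "write"}},
    "spa-client": {"secret": None,     "public": True,  "allowed_scopes": {"read"}},
}
ISSUED_CODES = {}  # authorization code -> (client_id, user, scopes the user approved)


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims):
    """Build a compact HS256 JWT: base64url(header).base64url(payload).base64url(signature)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token, now=None):
    """Check the signature before trusting anything in the payload, then check expiry."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims["exp"] <= (now if now is not None else time.time()):
        raise PermissionError("token expired")
    return claims


def user_authorizes(client_id, user, scopes):
    """Steps 1-2: the user approves the request and the app receives an authorization code."""
    code = secrets.token_urlsafe(16)
    ISSUED_CODES[code] = (client_id, user, set(scopes))
    return code


def token_endpoint(grant_type, client_id, client_secret=None, code=None, scope=None, now=None, ttl=300):
    """Steps 3-4: authenticate the client, validate the grant, issue a scoped, expiring token."""
    client = CLIENTS.get(client_id)
    if client is None:
        raise PermissionError("unknown client")
    # Confidential clients must prove their identity; public clients (the SPA) only send client_id.
    if not client["public"] and not hmac.compare_digest(client_secret or "", client["secret"]):
        raise PermissionError("client authentication failed")
    now = now if now is not None else time.time()
    if grant_type == "client_credentials":
        if client["public"]:
            raise PermissionError("public clients cannot use client_credentials")
        granted = set((scope or "").split())
        if not granted <= client["allowed_scopes"]:
            raise PermissionError("scope not allowed for client")
        subject = client_id  # no user involved: the app acts on its own behalf
    elif grant_type == "authorization_code":
        entry = ISSUED_CODES.pop(code, None)  # a code is single use and bound to one client
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid authorization grant")
        _, subject, granted = entry
    else:
        raise PermissionError("unsupported grant type")
    return mint_jwt({"iss": "demo-as", "sub": subject, "client_id": client_id,
                     "scope": " ".join(sorted(granted)), "iat": int(now), "exp": int(now) + ttl})


def resource_endpoint(token, needed_scope, now=None):
    """Steps 5-6: accept the token and serve only if it carries the scope this operation needs."""
    claims = verify_jwt(token, now)
    if needed_scope not in claims["scope"].split():
        raise PermissionError(f"insufficient scope: need {needed_scope}")
    return f"resource for {claims['sub']}"


def attempt(fn, *args, **kwargs):
    """Run one step and return its result, or the reason it was refused."""
    try:
        return fn(*args, **kwargs)
    except PermissionError as err:
        return f"denied: {err}"


if __name__ == "__main__":
    tok = token_endpoint("client_credentials", "batch-job", client_secret="s3cret", scope="read write", now=1000)
    print(attempt(resource_endpoint, tok, "write", now=1100))  # resource for batch-job
    print(attempt(resource_endpoint, tok, "write", now=1400))  # denied: token expired
    code = user_authorizes("spa-client", "alice", {"read"})
    spa_tok = token_endpoint("authorization_code", "spa-client", code=code, now=1000)
    print(attempt(resource_endpoint, spa_tok, "write", now=1001))  # denied: insufficient scope: need write
```

The `now` parameter is only there so expiry can be exercised deterministically; drop it in real code and the functions fall back to the wall clock. Note the order of checks in the resource server: signature first, then expiry, then scope, so a forged or expired token never influences a decision.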

Most frequently asked Core Java interview questions and answers: https://youtube.com/playlist?list=PLyHJZXNdCXscoyL5XEZoHHZ86_6h3GWE1
Advanced Java Interview Questions and Answers: https://youtube.com/playlist?list=PLyHJZXNdCXsexOO1VQ4vs-BM2-8CKrixd

Java 8 Interview Questions and Answers: https://youtube.com/playlist?list=PLyHJZXNdCXsdeusn4OM33415DCMQ6sUKy

Hibernate Interview Questions and Answers:
https://youtube.com/playlist?list=PLyHJZXNdCXsdC-p2186C6NO4FpadnCC_q

Spring Boot Interview Questions and Answers:
https://youtube.com/playlist?list=PLyHJZXNdCXsexOO1VQ4vs-BM2-8CKrixd

Angular playlist: https://www.youtube.com/watch?v=CAl7RQSdq2Q&list=PLyHJZXNdCXsfxRtDwtGkDD_lLfTWc1g0i
SQL playlist: https://www.youtube.com/playlist?list=PLyHJZXNdCXse86eLuwy5uZohd_bddE9Ni

GIT: https://youtube.com/playlist?list=PLyHJZXNdCXscpl6pxOnL2lRWJlzvzjyZE

Subscribe to and follow Code Decode
Subscribe to Code Decode: https://www.youtube.com/c/CodeDecode?sub_confirmation=1
LinkedIn: https://www.linkedin.com/in/codedecodeyoutube/
Instagram: https://www.instagram.com/codedecode25/

#codedecode #intuit #tcs

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.