Which step in the OAuth 2.0 Authorization Code flow is responsible for exchanging the authorization code for an access token?
Think about which step involves the client securely obtaining the token after user approval.
In OAuth 2.0 Authorization Code flow, after the user grants permission, the client receives an authorization code. The client then sends this code to the authorization server's token endpoint to exchange it for an access token.
Where is the most secure place to store API keys in a client-server architecture to prevent unauthorized access?
Consider where secrets should be kept hidden from users.
API keys should be stored securely on the server side, such as in environment variables, to prevent exposure to clients or users. Client-side storage exposes keys to anyone who can inspect the code or browser storage.
In a distributed system with multiple API servers validating JWT tokens, what is the best approach to ensure consistent and scalable token validation?
Think about reducing latency and load on the authorization server.
Caching the public key locally on API servers and refreshing it periodically reduces latency and avoids overloading the authorization server. Fetching on every request or synchronous validation causes performance bottlenecks.
Which statement best describes a key tradeoff when choosing between OAuth 2.0 and API keys for API authentication?
Consider complexity and control features of each method.
OAuth 2.0 supports delegated access with user consent and fine-grained permissions but requires more setup and complexity. API keys are simpler but less flexible and less secure.
You expect 1 million active users, each making 10 API requests per minute. Each JWT token is 1 KB in size and stored in a cache for 15 minutes. Approximately how much memory (in GB) is needed to store all active tokens in the cache at peak usage?
Calculate how many unique tokens are active in the cache at once and multiply by token size.
Each user has one active token cached for 15 minutes. With 1 million users, total tokens cached = 1 million. Each token is 1 KB, so total memory = 1 million KB = ~1 GB. However, if tokens are refreshed every request (10 per minute), and cache holds tokens for 15 minutes, total tokens = 1 million users * 10 requests/min * 15 min = 150 million tokens, which is 150 million KB = ~150 GB. The question implies caching tokens per request, so 150 GB is correct.