HLD | system_design | ~20 mins

OAuth 2.0 flow in HLD - Practice Problems & Coding Challenges

Challenge - 5 Problems
Badge: OAuth 2.0 Mastery
Get all challenges correct to earn this badge!
Problem 1: Conceptual (intermediate)
Identify the main purpose of the OAuth 2.0 Authorization Code flow
Which of the following best describes the main purpose of the OAuth 2.0 Authorization Code flow?
A. To directly provide the client application with the user's password for authentication.
B. To allow the client application to refresh the access token without any prior authorization.
C. To enable the client application to access resources without any user interaction or consent.
D. To allow a client application to obtain an access token by exchanging an authorization code received after user consent.
Hint: Think about how the client gets permission from the user before accessing protected resources.
Problem 2: Architecture (intermediate)
Select the correct sequence of steps in OAuth 2.0 Authorization Code flow
What is the correct order of steps in the OAuth 2.0 Authorization Code flow?
A. 1, 2, 3, 4
B. 2, 1, 3, 4
C. 1, 3, 2, 4
D. 3, 1, 2, 4
Hint: Remember the user must first log in and consent before the client gets the code.
Problem 3: Scaling (advanced)
Choose the best approach to scale an OAuth 2.0 Authorization Server
Which approach best supports scaling an OAuth 2.0 Authorization Server to handle millions of users securely and efficiently?
A. Disable token expiration to reduce database lookups and improve performance.
B. Store all tokens and sessions in a single database instance to ensure consistency.
C. Use a stateless token design like JWTs and deploy multiple authorization server instances behind a load balancer.
D. Use a monolithic server with synchronous blocking calls to handle all token requests.
Hint: Think about how to avoid bottlenecks and maintain security with many users.
Problem 4: Tradeoff (advanced)
Evaluate tradeoffs between using JWT access tokens vs opaque tokens
What is a key tradeoff when choosing JWT access tokens over opaque tokens in OAuth 2.0?
A. JWT tokens allow stateless validation but can be larger and harder to revoke immediately.
B. JWT tokens require a central database lookup for every request, increasing latency.
C. Opaque tokens contain user credentials, making them less secure than JWTs.
D. Opaque tokens are self-contained and can be validated without contacting the authorization server.
Hint: Consider token size, validation method, and revocation capabilities.
Problem 5: Estimation (expert)
Estimate token storage requirements for an OAuth 2.0 system
An OAuth 2.0 system issues 10 million access tokens daily. Each token record stored in the database requires 1 KB. If tokens expire after 1 hour and the system keeps expired tokens for 24 hours for audit, approximately how much storage in GB is needed to store all tokens for 24 hours?
A. 1 TB
B. 10 GB
C. 240 GB
D. 100 GB
Hint: Calculate tokens per hour, multiply by 24 hours, then convert KB to GB.