
OAuth 2.0 flow in HLD - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the main purpose of OAuth 2.0?
OAuth 2.0 is a protocol that allows a user to grant limited access to their resources on one site to another site, without sharing their credentials.
beginner
Name the four main roles in the OAuth 2.0 flow.
The four main roles are: Resource Owner (user), Client (app requesting access), Authorization Server (issues tokens), and Resource Server (hosts protected resources).
beginner
What is an access token in OAuth 2.0?
An access token is a credential issued by the authorization server that the client uses to access protected resources on behalf of the user.
intermediate
Explain the Authorization Code Grant flow in OAuth 2.0.
The client redirects the user to the authorization server to get an authorization code. Then the client exchanges this code for an access token to access resources securely.
intermediate
Why is the Authorization Code Grant flow considered more secure than the Implicit Grant?
Because the access token is never exposed directly to the user agent or browser; it is exchanged securely on the backend, reducing the risk of token leakage.
Which OAuth 2.0 role is responsible for issuing access tokens?
A. Resource Server
B. Client
C. Resource Owner
D. Authorization Server
In OAuth 2.0, what does the client receive after the user authorizes access in the Authorization Code Grant?
A. Access token directly
B. Authorization code
C. Refresh token only
D. User credentials
Which OAuth 2.0 flow is best suited for single-page applications without a backend?
A. Implicit Grant
B. Client Credentials Grant
C. Authorization Code Grant
D. Resource Owner Password Credentials Grant
What is the main security risk if the access token is exposed in the browser?
A. Client secret exposure
B. User password theft
C. Token replay or misuse
D. Authorization code leakage
Which OAuth 2.0 role hosts the protected resources the client wants to access?
A. Resource Server
B. Resource Owner
C. Client
D. Authorization Server
Describe the step-by-step flow of the OAuth 2.0 Authorization Code Grant.
Think about how the client gets permission and then accesses resources.
Explain why OAuth 2.0 improves security compared to sharing user credentials directly.
Focus on how OAuth limits what the client can do and protects user passwords.