In a microservices system using OAuth 2.0, how can an API Gateway improve scalability and security when handling access tokens?

hard📝 Trade-off Q15 of 15

Microservices - Authentication and Authorization

ABy bypassing token validation to reduce latency

BBy storing all user passwords and tokens for microservices to access

CBy encrypting all tokens with a shared secret before sending to microservices

DBy centralizing token validation and forwarding only authorized requests to microservices

Step-by-Step Solution

Solution:

Step 1: Understand API Gateway role in OAuth 2.0
The API Gateway can validate tokens centrally, so microservices do not need to validate tokens individually, improving performance and security.
Step 2: Eliminate incorrect options
Storing passwords centrally is insecure; encrypting tokens unnecessarily adds complexity; bypassing validation reduces security and is unsafe.
Final Answer:
By centralizing token validation and forwarding only authorized requests to microservices -> Option D
Quick Check:
API Gateway = central token validation [OK]

Quick Trick: Use API Gateway to validate tokens once for all microservices [OK]

Common Mistakes:

MISTAKES

Master "Authentication and Authorization" in Microservices

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More Microservices Quizzes