OAuth is widely used for social login on websites and apps. What is its main role?
Think about how OAuth helps users avoid giving their passwords to third-party apps.
OAuth allows users to log in using their existing social media accounts by granting limited access tokens, so the app never sees the user's password.
There are different OAuth flows. Which one is typically used by web apps to securely get user authorization?
This flow involves exchanging a code for a token securely on the server side.
The Authorization Code Flow is designed for web apps to securely obtain access tokens by exchanging an authorization code on the backend, protecting tokens from exposure.
During OAuth login, the app sends a redirect URI. What is the result if this URI does not exactly match the one registered with the social provider?
Security is strict about redirect URIs to prevent attacks.
If the redirect URI does not match exactly, the social provider blocks the OAuth process to prevent malicious redirection.
OAuth uses a 'state' parameter during login. What is the main reason to check this value when the user returns?
Think about attacks where someone tricks a user into submitting unwanted requests.
The state parameter helps ensure the response belongs to the original request, protecting against CSRF attacks.
OAuth and OpenID Connect are related but different. Which statement correctly compares them?
Consider what each protocol is designed to do: access control vs user identity.
OAuth provides a way to authorize access to resources, while OpenID Connect builds on OAuth to provide user authentication and identity information.