OAuthC Practice Questions
1. Which of the following is NOT a valid OAuth 2.0 grant type?
   A) Authorization Code
   B) Implicit
   C) Resource Owner Password Credentials
   D) Client Hash Grant

2. In the Authorization Code Flow with PKCE, what is the purpose of the code_verifier/code_challenge pair?
   A) To replace the access token
   B) To prevent authorization code interception attacks
   C) To encrypt the ID token
   D) To authenticate the resource server

3. What does an OAuth 2.0 'scope' define?
   A) The validity period of a token
   B) The specific resources or actions a client can access
   C) The encryption algorithm for tokens
   D) The client’s identity

4. Which token type is typically a JSON Web Token (JWT)?
   A) Refresh Token
   B) Access Token
   C) ID Token
   D) Both Access and ID Token

5. Which OAuth 2.0 flow is recommended for Single Page Applications (SPAs)?
   A) Implicit Flow
   B) Authorization Code Flow with PKCE
   C) Client Credentials Flow
   D) Device Flow

6. In OpenID Connect, which token is primarily used for authentication (who the user is)?
   A) Access Token
   B) ID Token
   C) Refresh Token
   D) Scope Token

7. The 'client_id' in OAuth 2.0 represents:
   A) A secret key shared between client and server
   B) A public identifier for the client
   C) The user’s unique ID
   D) The resource server identity

8. Which of the following is a best practice when storing refresh tokens on mobile apps?
   A) Store them in plaintext in local storage
   B) Store them securely using OS-provided secure storage
   C) Send them in every API request header
   D) Do not use refresh tokens on mobile

9. In OAuth 2.0, which component issues the access token?
   A) Resource Server
   B) Authorization Server
   C) Client Application
   D) End-User

10. What is the main difference between OAuth 2.0 and OpenID Connect?
   A) OAuth 2.0 is for authorization, OpenID Connect adds authentication
   B) OAuth 2.0 is for authentication, OpenID Connect adds authorization
   C) OAuth 2.0 uses JWTs, OpenID Connect does not
   D) OpenID Connect replaces OAuth 2.0 entirely
Answer Key
1. D) Client Hash Grant
2. B) To prevent authorization code interception attacks
3. B) The specific resources or actions a client can access
4. D) Both Access and ID Token
5. B) Authorization Code Flow with PKCE
6. B) ID Token
7. B) A public identifier for the client
8. B) Store them securely using OS-provided secure storage
9. B) Authorization Server
10. A) OAuth 2.0 is for authorization, OpenID Connect adds authentication