Final Assessment

Question 1

Which of the following statements is true about token-based architectures?

Solution

It provides the fundamentals for building a zero trust architecture

Question 2

Which HTTP request header is used to pass the access token?

Solution

The Authorization header

Question 3

What does the client need to send along with an access token of type Bearer when calling the API?

Solution

Nothing: a bearer token is accepted on its own, with no additional proof of possession

Question 4

Which OAuth flow is most suitable for web applications?

Solution

Code flow (the authorization code grant)

Question 5

Who is the only allowed final recipient (audience) of a refresh token?

Solution

The Authorization Server

Question 6

What is the difference between scopes and claims?

Solution

Scopes don't have values (they are just names) but claims do (each claim is a name with a value)

Question 7

Why do we say that the access token is the identity API for the APIs?

Solution

The access token contains claims that can be tailored for the APIs identity needs

Question 8

What are the two base OAuth endpoints called?

Solution

Authorization endpoint and token endpoint

Question 9

How does a user authenticate when the client starts a code flow?

Solution

It is not defined by the OAuth specification
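Questions 4, 5, 8 and 9 together describe one exchange: the web application sends the browser to the authorization endpoint, the user authenticates in whatever way the authorization server chooses, a code comes back, and the client trades it (and later its refresh token) at the token endpoint and nowhere else. The following is an added example, not code from the course, that runs that exchange offline against a toy authorization server. The endpoint URLs, the client registration, the opaque token format, and the refresh token rotation on use are all assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical authorization server endpoints, assumed for this example.
AUTHORIZATION_ENDPOINT = "https://as.example.com/oauth/authorize"
TOKEN_ENDPOINT = "https://as.example.com/oauth/token"


@dataclass
class AuthorizationServer:
    """Toy authorization server exposing the two base OAuth endpoints."""
    clients: Dict[str, Dict]                     # client_id -> {"secret", "redirect_uri"}
    codes: Dict[str, Dict] = field(default_factory=dict)
    refresh_tokens: Dict[str, Dict] = field(default_factory=dict)

    def authorization_endpoint(self, query: Dict[str, str], authenticated_user: str) -> Dict[str, str]:
        """Front channel (browser redirect). How `authenticated_user` was
        established (password, passkey, SSO session, ...) is not defined by
        OAuth; this endpoint only needs to know which user is consenting."""
        client = self.clients.get(query.get("client_id", ""))
        if client is None or query.get("response_type") != "code":
            return {"error": "invalid_request"}
        if query.get("redirect_uri") != client["redirect_uri"]:
            return {"error": "invalid_request"}   # never redirect to an unregistered URI
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": query["client_id"], "sub": authenticated_user,
                            "scope": query.get("scope", ""), "redirect_uri": query["redirect_uri"]}
        return {"code": code, "state": query.get("state", "")}

    def token_endpoint(self, form: Dict[str, str]) -> Dict:
        """Back channel (client to server directly). Codes and refresh tokens are
        presented only here: the authorization server is the refresh token's
        sole audience, so a client never sends one to an API."""
        client = self.clients.get(form.get("client_id", ""))
        if client is None or client["secret"] != form.get("client_secret"):
            return {"error": "invalid_client"}
        grant = form.get("grant_type")
        if grant == "authorization_code":
            record = self.codes.pop(form.get("code", ""), None)          # single use
            if (record is None or record["client_id"] != form["client_id"]
                    or record["redirect_uri"] != form.get("redirect_uri")):
                return {"error": "invalid_grant"}
            return self._issue(record, form["client_id"])
        if grant == "refresh_token":
            record = self.refresh_tokens.pop(form.get("refresh_token", ""), None)  # rotate on use (assumed policy)
            if record is None or record["client_id"] != form["client_id"]:
                return {"error": "invalid_grant"}
            return self._issue(record, form["client_id"])
        return {"error": "unsupported_grant_type"}

    def _issue(self, record: Dict, client_id: str) -> Dict:
        # Opaque random tokens for brevity; a real server might issue a JWT instead.
        access_token = secrets.token_urlsafe(32)
        refresh_token = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh_token] = {"sub": record["sub"], "scope": record["scope"],
                                              "client_id": client_id}
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 300,
                "refresh_token": refresh_token, "scope": record["scope"]}


def post_form(server: AuthorizationServer, url: str, form: Dict[str, str]) -> Dict:
    """Stands in for an HTTPS POST; only the token endpoint takes back-channel grants."""
    if url != TOKEN_ENDPOINT:
        raise ValueError("back-channel grants go to the token endpoint only")
    return server.token_endpoint(form)


def build_authorization_url(client_id: str, redirect_uri: str, scope: str, state: str) -> str:
    """Step 1 of the code flow: the web application redirects the browser here."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def run_code_flow(server: AuthorizationServer, client_id: str, client_secret: str,
                  redirect_uri: str, user: str) -> Dict:
    """Authorization request, user consent, then code exchange, end to end."""
    state = secrets.token_urlsafe(16)
    url = build_authorization_url(client_id, redirect_uri, "orders:read", state)
    query = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    redirect_params = server.authorization_endpoint(query, authenticated_user=user)
    if "code" not in redirect_params or redirect_params.get("state") != state:
        raise RuntimeError("authorization response rejected: " + str(redirect_params))
    return post_form(server, TOKEN_ENDPOINT, {
        "grant_type": "authorization_code", "code": redirect_params["code"],
        "redirect_uri": redirect_uri, "client_id": client_id, "client_secret": client_secret})


def refresh_access_token(server: AuthorizationServer, client_id: str, client_secret: str,
                         refresh_token: str) -> Dict:
    """The refresh token goes back to the token endpoint and to no other party."""
    return post_form(server, TOKEN_ENDPOINT, {
        "grant_type": "refresh_token", "refresh_token": refresh_token,
        "client_id": client_id, "client_secret": client_secret})
```

The authorization endpoint never sees the client secret and the token endpoint never sees the browser; that split is what makes the code flow a fit for a web application with a backend. Note that `authenticated_user` is simply handed to the authorization endpoint, which is the code's way of saying the authentication method is the server's concern, not OAuth's.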

Question 10

Why are scopes helpful for application (client) level permissions?

Solution

Because they limit what the client can do, no matter who logs in
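Questions 2, 3, 6, 7 and 10 are what the API sees: a token in the `Authorization` header with the `Bearer` scheme and nothing else from the client, scopes as bare names that bound what the client may do regardless of user, and claims with values that carry the user's identity. The following is an added example, not code from the course, showing an API handler that enforces both levels. The HS256 signing key shared with a hypothetical authorization server, the `orders:read` scope and the `GET /orders/{id}` resource are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed secret shared by the hypothetical authorization server and API.
# A real API would verify the server's signature with its published public key.
SIGNING_KEY = b"example-shared-secret-do-not-reuse"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(claims: Dict, key: bytes = SIGNING_KEY) -> str:
    """Authorization-server side (hypothetical): mint an HS256 JWT access token.
    Scopes are bare names in the space-separated 'scope' claim; every other
    entry in `claims` is a named claim carrying a value."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "at+jwt"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def extract_bearer_token(headers: Dict[str, str]) -> Optional[str]:
    """The token arrives in the Authorization header with the Bearer scheme;
    the client sends nothing else (no proof of possession) for a bearer token."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return None
    scheme, _, token = value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def verify_access_token(token: str, key: bytes = SIGNING_KEY,
                        now: Optional[float] = None) -> Optional[Dict]:
    """Check the signature and expiry; return the claims on success."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
            return None
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:            # bad base64 or bad JSON
        return None
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= current:
        return None
    return claims


def authorize_order_read(headers: Dict[str, str], order_owner: str,
                         now: Optional[float] = None) -> Tuple[int, str]:
    """Hypothetical API handler for GET /orders/{id}.
    Client-level permission: the 'orders:read' scope must be present, whoever
    the user is. User-level permission: the 'sub' claim must match the owner."""
    token = extract_bearer_token(headers)
    if token is None:
        return 401, "missing or malformed bearer token"
    claims = verify_access_token(token, now=now)
    if claims is None:
        return 401, "invalid or expired access token"
    scopes = set(claims.get("scope", "").split())
    if "orders:read" not in scopes:
        return 403, "client not granted orders:read"
    if claims.get("sub") != order_owner:
        return 403, "token subject is not the order owner"
    return 200, "order returned to " + claims["sub"]
```

The two 403 branches are the difference between scopes and claims in practice: the scope check fails for a client that was never granted `orders:read`, even if the logged-in user owns the order, while the `sub` check fails for a fully scoped client whose user is simply not the owner. The claims are the identity API the handler consumes; it never needs to call the authorization server to learn who the user is.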
