Online Courses
API Authentication

Final Assessment

Question 1

Which of the following statements is true about token-based architectures?

Solution

It provides fundamentals to build a zero trust architecture

Question 2

Which HTTP request header is used to pass the access token?

Solution

The Authorization header

Question 3

What does the client need to send along with an access token of type Bearer when calling the API?

Solution

Nothing

Question 4

Which OAuth flow is most suitable for web applications?

Solution

Code flow

Question 5

Who is the only allowed final recipient (audience) of a refresh token?

Solution

The Authorization Server

Question 6

What is the difference between scopes and claims?

Solution

Scopes don't have values but claims do

Question 7

Why do we say that the access token is the identity API for the APIs?

Solution

The access token contains claims that can be tailored for the APIs' identity needs

Question 8

What are the two base OAuth endpoints called?

Solution

Authorization endpoint and token endpoint

Question 9

How does a user authenticate when the client starts a code flow?

Solution

It is not defined by the OAuth specification

Question 10

Why are scopes helpful for application (client) level permissions?

Solution

Because they limit what the client can do, no matter who logs in

Last updated 9 months ago