350-401 · Question #138
Which method of account authentication does OAuth 2.0 use within REST APIs?
The correct answer is B. access tokens. OAuth 2.0 and REST API Authentication OAuth 2.0 uses access tokens to authenticate requests within REST APIs. After a user grants authorization, the OAuth 2.0 framework issues a token (typically a Bearer token) that the client includes in API request headers - this allows secure,
Question
Which method of account authentication does OAuth 2.0 use within REST APIs?
Options
- Ausername/role combination
- Baccess tokens
- Ccookie authentication
- Dbasic signature workflow
How the community answered
(29 responses)- A3% (1)
- B93% (27)
- C3% (1)
Explanation
OAuth 2.0 and REST API Authentication
OAuth 2.0 uses access tokens to authenticate requests within REST APIs. After a user grants authorization, the OAuth 2.0 framework issues a token (typically a Bearer token) that the client includes in API request headers - this allows secure, delegated access without exposing user credentials.
Why the distractors are wrong:
- A (username/role combination) describes role-based access control (RBAC), which is an authorization concept, not OAuth 2.0's authentication mechanism
- C (cookie authentication) is a session-based method used primarily in traditional web applications, not the token-based approach OAuth 2.0 employs
- D (basic signature workflow) describes older methods like HTTP Basic Auth or OAuth 1.0, which used cryptographic signatures - OAuth 2.0 specifically moved away from this complexity
Memory Tip: Think of an OAuth 2.0 access token like a temporary visitor badge - it grants access without revealing your permanent credentials (password), and it expires after a set time. The word "access" in access token directly mirrors OAuth's purpose of granting access.
Topics
Community Discussion
No community discussion yet for this question.