350-401 · Question #978
Which authorization framework gives third-party applications limited access to HTTP services?
The correct answer is D. OAuth 2.0. OAuth 2.0 is an authorization framework specifically designed to allow third-party applications to obtain limited access to HTTP services on behalf of a user, without exposing the user's credentials. It works by issuing access tokens that define the scope and duration of access,
Question
Which authorization framework gives third-party applications limited access to HTTP services?
Options
- AIPsec
- BGRE
- CBasic Auth
- DOAuth 2.0
How the community answered
(63 responses)- A2% (1)
- B8% (5)
- C3% (2)
- D87% (55)
Explanation
OAuth 2.0 is an authorization framework specifically designed to allow third-party applications to obtain limited access to HTTP services on behalf of a user, without exposing the user's credentials. It works by issuing access tokens that define the scope and duration of access, making it the industry standard for delegated authorization (e.g., "Sign in with Google").
Why the others are wrong:
- IPsec (A) is a network-layer security protocol used to encrypt and authenticate IP communications, not for application-level authorization.
- GRE (B) (Generic Routing Encapsulation) is a tunneling protocol used to encapsulate network packets, with no authentication or authorization functionality.
- Basic Auth (C) is a simple HTTP authentication scheme that transmits credentials (username/password), but it does not provide delegated or limited third-party access - it gives full credential-level access.
Memory Tip: Think of OAuth as an "Open Authorization" ticket system - like giving a valet only your car key, not your house key. The "2.0" version is the modern standard you'll see referenced on exams involving APIs and HTTP services.
Topics
Community Discussion
No community discussion yet for this question.