I am done with my interviews but I am kinda stuck thinking about a question in one of my interviews.
While discussing authorization in microservices, I said the client will get the access and refresh token. If the validity of the access token is 5 minutes, then the client will refresh the token every 5 minutes and then make the request to the resource server with the refreshed/valid access token.
The interviewer asked what if the token was invalidated at T+1 minutes: the client will still be able to make unauthorized requests to the resource server for the next 4 minutes. I didn't have an answer to this.
What would have been a reasonable solution to this? I don't want to call introspect endpoint for every request at the resource server.
Please suggest alternative authorization mechanisms too if it would solve this problem.
PS: I have worded it vaguely and that's why I didn't put it on SO for fear of downvotes. Please feel free to state/assume any assumptions.
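One pattern for the gap the interviewer raised (revocation at T+1, token still valid until T+5): the resource server keeps validating the short-lived token locally, but also holds a small denylist of revoked token ids that the authorization server pushes to it, and each entry only needs to live until that token's own expiry. This is an added example, not the poster's code; the token class, the revocation event source and the clock are constructed/assumed for illustration.

```python
import time
from dataclasses import dataclass

# Constructed stand-in for an access token that already passed signature checks.
@dataclass(frozen=True)
class AccessToken:
    jti: str    # unique token id
    sub: str    # subject
    exp: float  # expiry, seconds since epoch

class RevocationAwareValidator:
    """Resource-server check without a per-request introspection call.
    Tokens are validated locally on exp; a denylist of revoked jti values,
    fed by revocation events from the auth server, closes the window between
    revocation and expiry. Entries are dropped once the token would have
    expired anyway, so the list is bounded by the access-token lifetime."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._revoked: dict[str, float] = {}  # jti -> exp

    def revoke(self, token: AccessToken) -> None:
        # Called when the auth server publishes a revocation (e.g. logout).
        self._revoked[token.jti] = token.exp

    def _expire_entries(self) -> None:
        now = self._clock()
        for jti in [j for j, exp in self._revoked.items() if exp <= now]:
            del self._revoked[jti]

    def is_valid(self, token: AccessToken) -> bool:
        self._expire_entries()
        if token.exp <= self._clock():
            return False  # expired: reject without consulting the denylist
        return token.jti not in self._revoked

    def denylist_size(self) -> int:
        return len(self._revoked)

def simulate_revocation_window():
    """Replays the interview scenario with a fake clock: 5-minute token,
    revoked at T+1. Returns (valid@T0, valid@T+2, valid@T+6, denylist size)."""
    now = [1_000_000.0]
    v = RevocationAwareValidator(clock=lambda: now[0])
    tok = AccessToken(jti="tok-1", sub="alice", exp=now[0] + 300)
    at_t0 = v.is_valid(tok)                 # accepted: unexpired, not revoked
    now[0] += 60; v.revoke(tok)             # T+1: revocation event arrives
    now[0] += 60; at_t2 = v.is_valid(tok)   # rejected inside the old 4-minute gap
    now[0] += 240; at_t6 = v.is_valid(tok)  # expired; denylist entry garbage-collected
    return at_t0, at_t2, at_t6, v.denylist_size()
```

The denylist only ever holds tokens revoked early, and never grows past one access-token lifetime of revocations, which is what makes it cheap compared with introspecting on every request.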