Which authorization framework is commonly used in modern web applications to…

2023

Which authorization framework is commonly used in modern web applications to enable token-based access and is often integrated into Single Sign-On (SSO) systems?

  1. A.

    Secure Sockets Layer

  2. B.

    Kerberos

  3. C.

    OAuth 2.0

  4. D.

    Lightweight Directory Access Protocol

  5. E.

    Transport Layer Security

Attempted by 31 students.

Show answer & explanation

Correct answer: C

Concept

An authorization framework defines how a client application is granted limited, delegated access to a protected resource on behalf of a user, typically by issuing and validating access tokens rather than sharing the user's credentials. This token-based delegation is exactly what modern web and mobile single sign-on (SSO) flows rely on, where one identity provider issues tokens that many applications trust.

Applying it here

The framework whose entire purpose is delegated, token-based authorization for web and mobile applications is OAuth 2.0. Defined in RFC 6749 as 'The OAuth 2.0 Authorization Framework', it issues access tokens through flows such as the authorization code grant, and it is the foundation on which the OpenID Connect identity layer and most enterprise SSO sign-in flows are built.

Contrast with the other choices

  • Secure Sockets Layer and Transport Layer Security are transport-encryption protocols that secure data in transit; they protect the channel but do not authorize delegated access or issue access tokens.

  • Kerberos is a network authentication protocol that uses tickets within a trusted domain (common in Windows networks); it authenticates identities but is not the token-based authorization framework built for modern web/mobile SSO.

  • Lightweight Directory Access Protocol is a protocol for querying and managing a directory of users and resources; it stores identity data but does not perform delegated, token-based authorization.

Therefore OAuth 2.0 is the correct authorization framework for token-based access in SSO systems.

Explore the full course: Up Police Computer Operator