A company develops a third-party application that needs to access user data from a popular social media platform without exposing user credentials. Which of the following would be the most secure method for the application to request and receive authorization to access the platform’s data on behalf of the user?
Store user credentials locally on the user device and use them to authenticate each session with the social media platform.
Embed user credentials in the application code and authenticate directly with the social media platform.
Implement a custom encryption algorithm to secure user credentials when accessing the social media platform’s API.
Use OAuth protocol to request and receive authorization tokens from the social media platform.
Create a shared user account on the social media platform for the application and all its users.
Use basic access authentication by sending a base64 encoded string containing the user's username and password.
The correct answer is to use the OAuth protocol to request and receive authorization tokens from the social media platform. OAuth allows third-party applications to access user data without requiring users to share their login credentials with the third-party application. The application receives an access token which it can use to make API calls to the platform on behalf of the user. Other methods mentioned either are less secure or don't provide a means of authorization without sharing credentials.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is OAuth and how does it work?
Open an interactive chat with Bash
What are authorization tokens and why are they important?
Open an interactive chat with Bash
What are some risks of not using OAuth when accessing third-party services?