HOTSPOT - You configure OAuth2 authorization in API Management as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Hot Area:

Suggested Answer:

Box 1: Web applications - The Authorization Code Grant Type is used by both web apps and native apps to get an access token after a user authorizes an app.

Note: The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.

Incorrect Answers: Not Headless device authentication: A headless system is a computer that operates without a monitor, graphical user interface (GUI) or peripheral devices, such as keyboard and mouse. Headless computers are usually embedded systems in various devices or servers in multi-server data center environments. Industrial machines, automobiles, medical equipment, cameras, household appliances, airplanes, vending machines and toys are among the myriad possible hosts of embedded systems.

Box 2: Client Credentials - How to include additional client data: In case you need to store additional details about a client that don't fit into the standard parameter set, the custom data parameter comes to help:

    POST /c2id/clients HTTP/1.1
    Host: demo.c2id.com
    Content-Type: application/json
    Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

    {
      "redirect_uris" : [ "https://myapp.example.com/callback" ],
      "data" : {
        "reg_type" : "3rd-party",
        "approved" : true,
        "author_id" : 792440
      }
    }

The data parameter permits arbitrary content packaged in a JSON object. To set it you will need the master registration token or a one-time access token with a client-reg:data scope.

Incorrect Answers: Authorization protocols provide a state parameter that allows you to restore the previous state of your application. The state parameter preserves some state object set by the client in the Authorization request and makes it available to the client in the response.

Reference:
https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type
https://connect2id.com/products/server/docs/guides/client-registration

This question is in AZ-304 Microsoft Azure Architect Design Exam
For getting Microsoft Certified: Azure Solutions Architect Expert Certificate

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Microsoft. The website does not contain actual questions and answers from Microsoft's Certification Exams. Trademarks, certification & product names are used for reference only and belong to Microsoft.