Francesco CiullaI do the interviews, and very often I change questions, based on the position requested. But there are a number of questions that I particularly like, and I would like to share them with you. with what I think are the best answers.
GitHub Repository:: https://github.com/FrancescoXX/InterviewsQuestions
Question:
๐ฐ๏ธ๐๐ฟ๐ฎ๐ป๐ฐ๐ฒ๐๐ฐ๐ผ๐๐๐ฎ๐๐ฎ๐ฆ๐ฐ๐ฟ๐ถ๐ฝ๐@francescociull4
I want to share some real questions i make in my interviews, i hope this can help someone
โWhat is the difference between Authorization and Authentication, and how would you implement that in a project? With which technologies?19:16 PM - 28 Apr 2020
Best Answers:
@FrancescoCiull4 Authentication: Who are you - really?
Authorization: Who can do what?19:37 PM - 28 Apr 2020
@FrancescoCiull4 It would be a lot easier if they don't rhyme/ sound a lot like each other.
They should've named authentication with "Identification" and authorization with "privilege-granting" instead.
Much easier to answer.19:38 PM - 28 Apr 2020
Samar Jaffal ๐บ@samarj_h@FrancescoCiull4 Good question.
For me, authorization means roles or access for something.
And authentication means you need to validate or verify something.23:30 PM - 28 Apr 2020
@samarj_h @FrancescoCiull4 Hmm... For me, Authentication means confirmation of credentials for access & authorization means more specific access permissions by roles or profiles and permissions for C/R/U/D.00:19 AM - 29 Apr 2020
LJC@ljc_dev@FrancescoCiull4 ATC is for login and ATR is checking if logged in user has the right to do sth/access stuff. Using jwt access/refresh tokens for ATC and isAdmin or roles array for ATR. I'd check token in fetch and graphQL requests for user spe stuff and check user.isAdmin for restricted actions20:34 PM - 28 Apr 2020
@FrancescoCiull4 mhhhh I would say authentication is when someone identifies him/her self. On the other hand, authorization is when you allow users to something based on a ROLE.
Is that correct?
I still have to research what technologies there are, I guess I would go with @Firebase or @auth019:19 PM - 28 Apr 2020
Tarmizi Hamid@great_tarmizi@FrancescoCiull4 authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.21:24 PM - 28 Apr 2020
Swarupbam@swarupbam@FrancescoCiull4 Authentication is checking whether user is a legitimate user and authorization is checking whether user has a access to certain resources. Auth004:53 AM - 29 Apr 2020
@FrancescoCiull4 Authenticated User: You are a valid user of an application
Authorized User: You are authorized to use this functionality within that application.
Authentication comes first and then Authorization.
The later deals with Roles and Access for features within the application.00:02 AM - 29 Apr 2020
@FrancescoCiull4 @Benjaminspak Authentication is access to the system. Authorisation means level of access when authenticated. Authentication can be from simple password to tokens for stateless systems, and authorisation can be implemented at different levels like pages, packages and methods.16:59 PM - 29 Apr 2020
Akshayvinodp@akshayvinodp@FrancescoCiull4 Authentication : ldap/sso. Some kind of identity authentication tool. Like auth0. Best to integrate with ur org identity provider.
Authorisation: ldap roles/groups or app roles using db. You can configure jwt token to return groups info for user & determine level of authority04:59 AM - 29 Apr 2020
GitHub Repository:: https://github.com/FrancescoXX/InterviewsQuestions
