Authentication Interview Overview
A continuously growing collection of authentication-related interview questions and key points, organized from basic to advanced.
Lv1 Basics
- How was authentication implemented in your past projects?
- What are the differences between session-based and token-based authentication?
- What is the structure of a JWT?
Lv2 Advanced
- Where can tokens be stored? What security concerns should be considered? (To be added)
- How does the frontend automatically attach a token to every API request? (To be added)
- How should token expiration be handled? (To be added)
Lv3 System Design
- Why do microservice architectures prefer JWT? (To be added)
- What are the drawbacks of JWT? How do you handle active logout? (To be added)
- How can you reduce or prevent token theft? (To be added)
Lv4 Advanced Extensions
- How would you implement "force logout on all devices" in session-based vs. token-based architectures? (To be added)
- What authentication strategy is commonly used with SSO (Single Sign-On)? (To be added)