300+ [REAL TIME] OAuth Interview Questions

1. How Is Authentication Handled With G Suite?

We use OAuth 2.0 in order to authenticate to G Suite accounts for all Google services. This includes email, contacts, calendars, and documents under Google Drive.

2. What Type Of Accounts Can Use OAuth 2.0?

  • OAuth 2.0 is used by all accounts, i.e., both paid and non-paid G Suite accounts.
  • For administrative authentication, BitTitan uses OAuth 2.0 ServiceAccount workflow.
  • For user authentication, BitTitan uses OAuth 2.0 WebApplication workflow.

Note: Previously, OAuth 1.0 was only available to paid G Suite accounts, namely G Suite for Business and Education.

3. How Do I Migrate Using OAuth 2.0 With Administrative Authentication?

Follow the directions in the Knowledge Base article KB005019 to set up the G Suite account to use OAuth 2.0. In order to provide us administrative authentication access to your G Suite data, add certain allowed scopes to the MigrationWiz project, as described in the article. Also, the article shows how to enable API access, which is required for performing a Google Drive migration.

4. What If I Want To Run A Migration On A G Suite Account Without Adding OAuth Credentials?

If not using administrative authentication, then an OAuth 2.0 challenge requires user actions in order to authorize MigrationWiz to access their data. After submitting a migration for mailbox(es), MigrationWiz will send an email to each user mailbox in order to ask for access privileges. Once the user confirms access privileges, their migration will begin.

Note:

  • Non-paid Google account migrations will also follow the above OAuth 2.0 challenge methodology. It is necessary to migrate these accounts using the individual user name and passwords for each account.
  • Previously, Google used “ClientLogin” for such migrations. This has been deprecated and replaced by OAuth 2.0.

Here are some more generic (non-specific to MigrationWiz) questions and answers about OAuth and OAuth 2.0. These have been included here to provide some more detail about how it works.

5. What Is OAuth?

OAuth is an open standard for authorization. OAuth provides client applications a ‘secure delegated access’ to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner, or end user.

The client then uses the access token to access the protected resources hosted by the resource server. OAuth is commonly used as a way for web surfers to log into third-party web sites using their Google, Facebook or Twitter accounts, without worrying about their access credentials being compromised.

6. How Does OAuth 2.0 Work?

To access protected data stored on Google services, use OAuth 2.0 for authorization. Google APIs support OAuth 2.0 flows for different types of client applications. In all of these flows, the client application requests an access token that is associated with only the client application and the owner of the protected data being accessed. The access token is also associated with a limited scope that defines the kind of data the client application has access to (for example, “Manage your tasks”). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen.

The typical workflow for OAuth 2.0 requests:

      • When a user first attempts to use functionality in your application that requires the user to be logged in to a Google Account or YouTube account, your application initiates the OAuth 2.0 authorization process.
      • Your application directs the user to Google’s authorization server. The link to that page specifies the scope of access that your application is requesting for the user’s account. The scope specifies the resources that your application can retrieve, insert, update, or delete when acting as the authenticated user.
      • If the user consents to authorize your application to access those resources, Google returns a token to your application. Depending on your application’s type, it either validates the token or exchanges it for a different type of token.
      • For example, a server-side web application exchanges the returned token for an access token and a refresh token. The access token lets the application authorize requests on the user’s behalf, and the refresh token lets the application retrieve a new access token when the original access token expires.

7. Can I Use The OAuth 2.0 Authentication Management API Provided By AT&T With Other APIs That Are Not Provided By AT&T?

No. The OAuth 2.0 Authentication Management API may only be used with RESTful APIs provided by AT&T.

8. Is Notary Management Restricted To The Payment Api?

Notary Management can be used with any other API and is not restricted to the Payment API, OAuth, or any other API. However, if the Payment API is used, the Notary service must be used to facilitate those APIs.

9. Do I Have To Create An Oauth Access Token Every Time I Need To Access A Resource?

No. An OAuth access token can be used until it expires.

10. How Does OpenID Differ From The OAuth 2.0 Authentication Management API?

OpenID is about authentication (i.e. proving who you are). OAuth is about authorization (i.e. granting access to functionality, data, etc., without dealing with the original authentication).

11. Does The OAuth Access Token Expire?

After the lifetime that is specified in the expires_in parameter has elapsed, the OAuth access token is no longer valid. When that occurs, any attempt to use the expired OAuth access token results in an OAuth 2.0 Authentication Management API response with the HTTP Status Code of 401 Unauthorized. A developer must provide logic in their app to handle conditions when the expired OAuth access token may be used.

12. What Is The ‘Class Definition Not Found’ Error In Android Sample Apps?

This error occurs because the SDK jar file is not added to the application. Steps to fix this issue:

      • Go to the properties of the application.
      • Select Java Build Path.
      • In the Libraries tab, press the “Add Jar” button and add the SDK_NAME.jar file.
      • Now go to the “Order and Export” tab, check/select the “SDK_NAME.jar” file and press OK.
      • Rerun the application.

13. Are All APIs Available With Premium Access?

Most APIs are available, but some may have additional requirements such as:

  • Finance APIs such as Advertising require banking & tax information to receive funds.
  • APIs that are in closed beta may require that you request and be accepted into the closed beta.
  • Specific APIs because of their nature may require volume commitments under a separate high volume or enterprise agreement.

You can find out more information for specific APIs by visiting our pricing page and clicking on the API you are interested in.

14. Does The Speech API Only Work On AT&T Wireless Mobile Devices?

The Speech API, including the Speech-to-Text transcription and Text-to-Speech functionality, is offered as a RESTful API that runs on the AT&T platform. This means that the API can be used from almost any mobile device, including those using other U.S. wireless carriers and on non-mobile devices, such as backend applications running on servers.

15. Can I Use Real-Time Input (For Example, Speech Directly From A Phone), Or Do I Need To Record The Input First?

Yes, you can stream (chunk) audio data as input. There is no need to record the audio first.

16. What Do I Need To Know About OAuth?

Applications must always send an OAuth token in the Authorization request header in order to consume any of the APIs provided by AT&T.

An OAuth access token is obtained by invoking the OAuth API which triggers the authorization process. This process may involve interaction between the application and the API Platform only, as in the case of OAuth Token request, or it may involve interaction between the user’s browser and the API platform. In the latter case, the secure interaction is initiated by the developer’s application but the secure authentication is intentionally routed around the developer’s application and, in so doing, assures the end-user that their user credentials are kept secure and are only passed between AT&T and the user’s browser.

17. Why Should I Use The OAuth 2.0 Authentication Management API?

The OAuth 2.0 Authentication Management API is more secure than the typical user name and password paradigm as the credentials are not stored on the mobile device.

18. What Is An AAP (Application Authentication Package)?

The AAP (Application Authentication Package) bundle is a zip file that contains resource files including your Application Certificate and your Developer Key. The resource files differ depending on whether your app is certified for a development environment or a production environment. After you submit your app information to the AT&T Launch Center, development resource files will be available in your developer dashboard, and after your app passes AT&T Quality Engineering testing, production resource files will be available.

19. How Do I Add A Device To My Receiver?

To add a device to your receiver, you must have the AT&T U-verse Enabled Application installed on your device. Launch the application on your device and navigate to the U-verse Receivers screen. The process below is based on an application that follows the U-verse End User Design Guidelines.

If the receiver name appears in the list with no icon next to it, the receiver is in open mode: select it to connect your device to that receiver and start using the application. No additional action is needed. If the receiver name displays a lock icon next to it, the receiver is in custom/managed mode, and you will need to enter a four-digit PIN on your device to connect:

  • Select the receiver name, on your device.
  • Tune to channel 9301 on that receiver.
  • Arrow over to Add a Device.
  • Enter the four-digit code shown on the TV into the device and select Done.

You should see the receiver is now unlocked. If you don’t see the receiver name on your device, tune to channel 9301 on that TV receiver, select +Add New Receiver on your device and follow the instructions to run the Set-up Wizard.

20. What Do I Do If I See “Internal Error Code 3000”?

This normally indicates that the AAP is not valid. If you receive this error, please check that you are using the correct AAP bundle for your test environment.

21. Do I Need To Have An App Key, App Secret, And Short Code To Run The SDK Sample Apps?

Yes, to run the SDK Sample Apps you must first create a new app in My Apps to acquire an App Key and App Secret.

The short code is optional. It is only needed by SDKs that require AT&T Wireless customer consent to allow the apps to use the customer’s AT&T Wireless mobile number.

22. How Do I Start Discovery?

Using the shared instance of UverseConnectedManager, call the startDiscovery method on application load to initiate the discovery process:

iOS

[[UverseConnectedManager sharedManager] startDiscovery];

Android

uveManagerInstance.startDiscovery(uveListenerInstance);

23. How Should I Access A Reference To The Current ‘SetTopBox’?

We recommend using the mostRecentlyEngagedSetTopBox property of UverseConnectedManager, as this is updated each time the user engages a different receiver. For example, to get the channel details of the currently displayed program:

iOS

UverseConnectedManager *manager = [UverseConnectedManager sharedManager];

NSString *channel = manager.mostRecentlyEngagedSetTopBox.currentProgram.channel;

Android

uveManager manager = uveManager.getUverseEnabledManager(this, null, AAP_FILE_NAME, RESOURCE_TOKEN);

manager.getMostRecentlyEngagedSetTopBox();

24. What Platforms Are Supported In U-verse Enabled?

iOS and Android are the platforms currently supported.

25. What Are The Different Types Of AAPs?

There are two different types of AAP (Application Authentication Package) bundles that could be issued:

      • Production:
        This AAP will be issued after your app completes AT&T Quality Engineering testing. Every version update will need to be submitted to AT&T for testing before the version is allowed to run in the production environment. The AAP bundle will contain the environment name prodca.
      • ZDEV:
        This is a test environment that can be used to test your application. This environment can be accessed through the developer channel (9315). If you have a consumer U-verse account, you can apply for this channel to be enabled on your U-verse receiver through the Launch Center. The details of this are covered in How to Register and Setup a U-verse Enabled Environment. This channel can also be accessed through the RAKv2. The AAP bundle will contain the environment name zdevca.

26. What Should I Do If The ‘UverseConnectedManager’ Initialization Fails?

The UverseConnectedManager initialization will fail if you are not on a U-verse network. You must be connected over Wi-Fi to the same access point as the receiver. If it fails for other reasons, you may use the upload log function, or try again (call startDiscovery again). Ideally, if you are on the Wi-Fi of a U-verse household, discovery should not fail.

27. Can I Use Another Identity Provider Like OpenID, Google, Facebook Or Twitter To Use AT&T’s APIs?

No. You must use AT&T’s OAuth service to use any of AT&T’s APIs.

28. What Operating Systems Support The AT&T ARO Data Analyzer?

The AT&T ARO Data Analyzer is supported on Microsoft Windows XP, Windows Vista, Windows 7, Windows 8 (x86), and on Mac OS X 10.6 and above, including Mac OS X 10.10.

29. Does Oauth 2.0 Authentication Management Api Adhere To Industry Standards For Oauth Implementation?

The AT&T implementation is generally consistent with the OAuth 2.0 Draft 13 framework. However, there are several nuances to the AT&T implementation, such as the use of commas instead of spaces to delimit the values within the scope parameter.

30. How Do I Handle Tokens That Have Expired?

The two complementary strategies that developers may consider when handling expired tokens are as follows:

  1. Track the creation time of the OAuth access token and use the refresh token at appropriate intervals, based on that creation time, in order to generate a new OAuth access token before the expires_in parameter value for the current OAuth access token has elapsed.

  2. Capture the response with the HTTP Status code of 401 Unauthorized and invoke logic that retries the appropriate Get Access Token method request, as follows:

  • Generate a new OAuth access token.
  • Use the new OAuth access token to resubmit any method requests that previously failed due to an expired OAuth access token.

In the future, AT&T may change the default values of the expiration parameters for the OAuth access token and refresh token. So it is strongly advised that you always check the expires_in parameter value that is returned with the response to the Get Access Token method call.
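The two strategies above, combined in one token holder, as an added example that is not part of the original page or any AT&T SDK. The Get Access Token call is replaced by an assumed `get_access_token(refresh_token)` callable, and `FakeGateway` is a constructed stand-in for the API platform so the code runs offline.

```python
import time

class TokenManager:
    """One OAuth access token plus both strategies from the answer above:
    refresh ahead of expires_in, and retry once after a 401."""

    def __init__(self, get_access_token, refresh_margin=60, clock=time.time):
        # get_access_token(refresh_token) -> token response dict; assumed interface.
        self.get_access_token = get_access_token
        self.refresh_margin, self.clock = refresh_margin, clock
        self.access_token = self.refresh_token = None
        self.created_at = self.expires_in = 0

    def install(self, token_response):
        # Always read expires_in from the response; never assume a default lifetime.
        self.access_token = token_response["access_token"]
        self.refresh_token = token_response.get("refresh_token", self.refresh_token)
        self.expires_in = int(token_response["expires_in"])
        self.created_at = self.clock()

    def is_stale(self):
        # Strategy 1: treat the token as expired a margin before expires_in elapses.
        return self.clock() >= self.created_at + self.expires_in - self.refresh_margin

    def call(self, api_request):
        # api_request(access_token) -> (status, body); the caller supplies transport.
        if self.access_token is None or self.is_stale():
            self.install(self.get_access_token(self.refresh_token))
        status, body = api_request(self.access_token)
        if status == 401:
            # Strategy 2: the platform says expired; get a new token and resubmit once.
            self.install(self.get_access_token(self.refresh_token))
            status, body = api_request(self.access_token)
        return status, body


class FakeGateway:
    """Constructed stand-in for the API platform: tokens expire after `lifetime` s."""

    def __init__(self, clock, lifetime=3600):
        self.clock, self.lifetime, self.issued, self.expiry = clock, lifetime, 0, {}

    def get_access_token(self, refresh_token):
        self.issued += 1
        token = "tok%d" % self.issued
        self.expiry[token] = self.clock() + self.lifetime
        return {"access_token": token, "refresh_token": "rt", "expires_in": self.lifetime}

    def request(self, access_token):
        expired = self.expiry.get(access_token, 0) <= self.clock()
        return (401, "Unauthorized") if expired else (200, "OK")
```

Injecting the clock lets the proactive refresh be exercised without waiting out a real expires_in, and the 401 path covers the case where the platform invalidates a token earlier than advertised.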

31. Does The OAuth URL That I Use In My Server Requests Need To Match Exactly The OAuth URL That I Entered When Provisioning My Application In The My Apps Section Of The AT&T Developer Website?

The URL that you use in your requests must either be an exact match to the OAuth Redirect URI in your application on the AT&T Developer Program website or be an extension of that value. The Redirect URI uses the following rules:

      • If the redirect_uri parameter is not present in the request, then the API Gateway uses the value of the OAuth redirect URI that you provided when you created your application.
      • If the redirect_uri parameter is present in the request, then this parameter value is validated to ensure that the value of the redirect_uri parameter matches the base URI that you provided when you created your application.
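A validator that applies the two redirect_uri rules above, added here as an example and not taken from the page or from AT&T's gateway. It assumes that "an extension" of the registered value means the same scheme, host and port with a path at or under the registered path, and it normalises dot segments so a path cannot step back out of that prefix; the registered URI is a constructed sample value.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample value standing in for the OAuth Redirect URI entered in My Apps.
REGISTERED_REDIRECT_URI = "https://app.example.com/oauth/cb"


def _norm_path(path):
    # Collapse "." and ".." so "/oauth/cb/../x" cannot pass as an extension of "/oauth/cb".
    return posixpath.normpath(path or "/")


def resolve_redirect_uri(registered, requested):
    """Return the redirect URI the gateway should use, or None to reject the request."""
    if requested is None:
        return registered            # rule 1: no parameter, fall back to the registered value
    reg, req = urlsplit(registered), urlsplit(requested)
    if (reg.scheme, reg.hostname, reg.port) != (req.scheme, req.hostname, req.port):
        return None                  # a different origin is never an extension (assumption)
    reg_path, req_path = _norm_path(reg.path), _norm_path(req.path)
    if req_path != reg_path and not req_path.startswith(reg_path.rstrip("/") + "/"):
        return None                  # rule 2: must sit at or under the registered base path
    return requested
```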