Exam 350-201 topic 1 question 82 discussion

I think A is corect

A is correct. Look at the flow

In the context of REST API authentication, the process typically involves the REST client first obtaining an access token by providing the necessary credentials, which usually include a password. Once the REST client has the access token, it uses this token to request access to a specific resource on the server. The REST API then validates the provided access token to ensure it is correct and has not expired. If the token is valid, the REST API grants the client access to the requested resource. This method ensures that only authenticated clients can access resources, providing a layer of security for the API.

This question is on recent test. I believe answer A is correct. Token is generated by Oauth authorization server after user credential is validated.

B. The token is obtained by providing a password. The REST API requests access to a resource using the access token, validates the access token, and gives access to the resource. When a user logs in with their credentials, the REST API generates a token, which is then used to authenticate subsequent requests. The REST client sends the token with each request to the REST API, which validates the token and provides access to the requested resource if the token is valid. The user's password is used only to obtain the initial token, which is then used for subsequent authentication. - ChatGPT

A. The token is obtained by providing a password. The REST client requests access to a resource using the access token. The REST API validates the access token and gives access to the resource. In this method, the REST API client first obtains an access token by providing a password or other form of authentication. The client then sends a request to the REST API, including the access token, to access a specific resource. The REST API verifies the token and if it's valid, it grants access to the requested resource.