Exam AZ-304 topic 2 question 48 discussion

Actual exam question from Microsoft's AZ-304
Question #: 48
Topic #: 2

HOTSPOT -
You configure OAuth2 authorization in API Management as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: Web applications
The Authorization Code Grant Type is used by both web apps and native apps to get an access token after a user authorizes an app.
Note: The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token.
After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
Incorrect Answers:
Not Headless device authentication:
A headless system is a computer that operates without a monitor, graphical user interface (GUI) or peripheral devices, such as keyboard and mouse.
Headless computers are usually embedded systems in various devices or servers in multi-server data center environments. Industrial machines, automobiles, medical equipment, cameras, household appliances, airplanes, vending machines and toys are among the myriad possible hosts of embedded systems.

Box 2: Client Credentials
How to include additional client data
If you need to store additional details about a client that don't fit into the standard parameter set, the custom data parameter can hold them:

POST /c2id/clients HTTP/1.1
Host: demo.c2id.com
Content-Type: application/json
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

{
  "redirect_uris" : [ "https://myapp.example.com/callback" ],
  "data" : { "reg_type" : "3rd-party",
             "approved" : true,
             "author_id" : 792440 }
}

The data parameter permits arbitrary content packaged in a JSON object. To set it you will need the master registration token or a one-time access token with a client-reg:data scope.
Incorrect Answers:
Authorization protocols provide a state parameter that allows you to restore the previous state of your application. The state parameter preserves some state object set by the client in the Authorization request and makes it available to the client in the response.
Reference:
https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type
https://connect2id.com/products/server/docs/guides/client-registration
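
The state round trip described above (the client sets a state value in the authorization request and gets it back in the response), as an added example that is not part of the original page. The authorization endpoint, client ID and authorization code are constructed values, and the session store is assumed to be whatever the web app already uses.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for illustration; not taken from the exhibit.
AUTHORIZE_URL = "https://login.example.com/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://myapp.example.com/callback"


def make_state(app_data: dict) -> str:
    """Encode per-request app data plus a random nonce into one state value."""
    payload = {"nonce": secrets.token_urlsafe(16), "data": app_data}
    return base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()


def build_authorize_url(state: str) -> str:
    """Authorization Code request; the caller stores `state` in the user session."""
    query = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(query)}"


def handle_callback(callback_url: str, session_state: str):
    """Return (code, app_data) only when the returned state equals the sent one."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    # Constant-time comparison against the value stored in the session.
    if not secrets.compare_digest(returned.encode(), session_state.encode()):
        raise ValueError("state mismatch: discard the response")
    if not code:
        raise ValueError("no authorization code in the response")
    app_data = json.loads(base64.urlsafe_b64decode(returned))["data"]
    return code, app_data
```

The random nonce makes each state value unguessable, so a response that did not originate from this session's request fails the comparison before the code is ever exchanged for a token.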

Comments

dadageer
Highly Voted 4 years ago
Correct! https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2
upvoted 23 times
...
express
Highly Voted 3 years, 10 months ago
Should be D - support state parameters
upvoted 20 times
us3r
3 years, 3 months ago
support state parameter is not related with the custom data. Use of the state parameter: If a state parameter is included in the request, the same value should appear in the response. The app should verify that the state values in the request and response are identical. Link https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow Correct answer: Client credentials reason: read the explanation in the answer field
upvoted 2 times
...
Bijith
3 years, 9 months ago
Right. It should be support state parameters
upvoted 4 times
...
...
JaQua
Most Recent 2 years, 10 months ago
support state param: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#:~:text=The%20value%20can%20also%20encode%20information%20about%20the%20user%27s%20state%20in%20the%20app%20before%20the%20authentication%20request%20occurred.%20For%20instance%2C%20it%20could%20encode%20the%20page%20or%20view%20they%20were%20on.
upvoted 1 times
...
OCHT
2 years, 11 months ago
I selected Web Application and State Parameter
upvoted 1 times
...
itenginerd
3 years, 1 month ago
On my exam today.
upvoted 2 times
...
examineezer
3 years, 4 months ago
After reading this link I believe that the "Client Credentials" GRANT TYPE is not what most people think. Therefore I believe the answer is support state parameter. https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2
upvoted 1 times
...
Dpejic
3 years, 4 months ago
On exam 24.12.2021
upvoted 2 times
...
Dpejic
3 years, 5 months ago
Appeared on exam 23-dec-2021
upvoted 2 times
...
sharepoint_Azure_pp
3 years, 7 months ago
Mentioned answers are correct. Choose the same cleared with 900 on 17th October 2021
upvoted 5 times
...
waqas
3 years, 7 months ago
Mentioned Answers are correct.
upvoted 1 times
...
syu31svc
3 years, 7 months ago
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2 I would go with the answers provided
upvoted 4 times
...
niravkanakhara
3 years, 7 months ago
It's API management, so web application is actually API and authorization code is also selected. Answer should be Web Application and Client Credential to authorize API using Azure AD JWT token.
upvoted 1 times
...
nkv
3 years, 8 months ago
I passed on 20-sep-21, I choose second as support state parameters, first web application
upvoted 2 times
...
dennnnnnnnnn
3 years, 9 months ago
Agreed should be D - support state parameters custom data means "state" in oauth2 grant flow
upvoted 4 times
...
BoxGhost
3 years, 9 months ago
I'm also leaning towards support state based on this: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow A value that's included in the request that's also returned in the token response. It can be a string of any content that you want. The state is used to encode information about the user's state in the app before the authentication request occurred, such as the page or view they were on.
upvoted 2 times
...
Preppy
3 years, 9 months ago
Answer to the second part should be to enable the Support State Parameters checkbox. See the AAD Developer Support team blog article that details this: https://blogs.aaddevsup.xyz/2019/11/state-parameter-in-mvc-application/ By enabling that box, you enable the use of the State parameter in the request, to which you can add additional state data via a dictionary. When the token is returned back, you are then returned this custom data as shown in the article. This is the preferred way to support custom data, per the RFC for oauth 2.0, section 3.1.2.2: https://datatracker.ietf.org/doc/html/rfc6749#section-3.1.2.2: "the client MAY use the "state" request parameter to achieve per-request customization."
upvoted 8 times
...
tvs2021
3 years, 10 months ago
on exam (7-19-2021). passed 304.
upvoted 2 times
RickMorais
3 years, 9 months ago
Given answer, pleeeeeease.
upvoted 3 times
...
nsvijay04b1
3 years, 9 months ago
Congratulations and thanks. It would be great if you confirm what is correct answer.
upvoted 3 times
...
...