A team has created a custom portal that lets users log in through an external provider instead of sharing passwords with the portal. Which method accomplishes this setup?
Replicate account credentials into a shared directory on the portal’s infrastructure
Prompt users to store their passwords in the portal database for each login
Forward credentials from the portal to a local identity service that verifies passwords directly
Redirect users to the external provider, have them grant access, then exchange the returned code for a token to request data
A solution that uses a token from the external provider, rather than credentials, ensures the portal does not store or transmit users’ passwords. The other options keep or handle credentials in a way that fails to delegate access securely or forces the portal to manage sensitive data.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a token in authentication?
Open an interactive chat with Bash
What is OAuth 2.0 and how does it work?
Open an interactive chat with Bash
Why is storing or managing passwords not recommended for custom portals?