ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A development team is building a customer-facing web application on AWS. Corporate security policy requires users to authenticate through a third-party OpenID Connect (OIDC) provider; the app must receive a cryptographically signed token containing user profile claims for personalization; and backend APIs will validate the token's signature by retrieving the provider's JSON Web Key Set (JWKS). Which OIDC flow best satisfies these requirements while following current best practice?
Use the OIDC Authorization Code flow so the application exchanges an authorization code at the token endpoint and receives a signed ID token containing user profile claims.
Use the OIDC Implicit flow so the browser receives an unsigned access token that the backend forwards to the APIs.
Use the OAuth 2.0 Resource Owner Password Credentials grant so the application can obtain a refresh token and store the user's password for reuse.
Use the OAuth 2.0 Client Credentials grant so the backend requests an opaque bearer token directly from the identity provider.
OpenID Connect's Authorization Code flow issues an ID token that is always a signed JSON Web Token (JWT). The client obtains an authorization code at the authorization endpoint, exchanges it at the token endpoint, and receives both an ID token carrying user profile claims and, optionally, an access token. The signature can be verified with the provider's JWKS obtained from the discovery document. The Implicit flow also returns an ID token but is discouraged because tokens travel through the browser. The Client Credentials and Resource Owner Password Credentials grants are OAuth-only flows that do not provide an ID token with user claims, so they cannot satisfy the personalization requirement.
Access Controls