Free Google Apigee-API-Engineer Actual Exam Questions - Question 4 Discussion

Question No. 4
Which is a benefit of three-legged OAuth (authorization_code grant)?
Select all that apply, then reveal solution.
Sohail P.
2026-02-13

Maybe C. It’s all about letting apps access your info without sharing your password, so the app never actually sees your credentials. That’s the key security benefit here.

0
Ash X.
2026-02-13

Not B, because OAuth’s point isn’t to let random people access your data, but to authorize an app securely. C fits best since it keeps your password hidden from the app while still giving access.

0
Ash X.
2026-02-08

It’s C for sure. The main deal with three-legged OAuth is to let apps act on your behalf without ever handing over your actual password, which keeps things way safer. A is out since auth codes are single-use, and D goes against the whole point of OAuth security. B just sounds sketchy because it suggests giving access to someone else, which isn’t really how OAuth works. The whole flow is about controlled permission, not sharing credentials directly or letting random people in.

0
Sam H.
2026-02-06

It’s C because the whole point is that the client app gets a token, not the user’s password. A is wrong since codes are one-time use only, and D contradicts OAuth’s security goals.

0
Sam H.
2026-02-05

C. Another way to see it is that three-legged OAuth separates the roles clearly: the user, the client app, and the authorization server. This setup makes sure the app never handles the user’s actual login info, which reduces risk if the app gets hacked. Options A and D are wrong because OAuth codes aren’t meant to be reused multiple times and you definitely don’t give out passwords to apps. B sounds sketchy since “allowing another individual access” isn’t really the point here—it’s about controlled access by the app, not handing over credentials to a random person.

0
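
The flow discussed in this thread, as an added example that is not part of the original comments: a toy in-memory authorization server showing that the client app only ever receives a code and a token, and that a replayed code is refused. The class, user, client, secret and scope names are all constructed assumptions, not Apigee APIs.

```python
import secrets

class AuthorizationServer:
    """Toy in-memory authorization server; all names and values are constructed."""
    def __init__(self):
        self._users = {"alice": "correct horse"}        # resource owner's password
        self._clients = {"photo-app": "client-secret"}  # registered client
        self._codes = {}    # authorization code -> (client_id, user, scope)
        self._tokens = {}   # access token -> (user, scope)

    def authorize(self, user, password, client_id, scope):
        """User logs in at the server itself and consents; the client is not involved."""
        known = user in self._users and secrets.compare_digest(self._users[user], password)
        if not known or client_id not in self._clients:
            raise PermissionError("access_denied")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, user, scope)
        return code  # handed to the client through the redirect

    def token(self, client_id, client_secret, code):
        """Client redeems the code for a token; pop() makes the code single-use."""
        expected = self._clients.get(client_id, "")
        if not expected or not secrets.compare_digest(expected, client_secret):
            raise PermissionError("invalid_client")
        grant = self._codes.pop(code, None)
        if grant is None or grant[0] != client_id:
            raise PermissionError("invalid_grant")
        access_token = secrets.token_urlsafe(24)
        self._tokens[access_token] = grant[1:]
        return access_token

    def introspect(self, access_token):
        return self._tokens.get(access_token)

def run_flow():
    server = AuthorizationServer()
    client_saw = []  # everything the client app ever receives
    code = server.authorize("alice", "correct horse", "photo-app", "photos.read")
    client_saw.append(code)
    token = server.token("photo-app", "client-secret", code)
    client_saw.append(token)
    try:
        server.token("photo-app", "client-secret", code)  # replay the same code
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return client_saw, server.introspect(token), replay_rejected
```
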
Sohail R.
2026-01-26

C imo, since the whole point is to avoid sharing passwords with the app while still letting it act on your behalf. A and D just don’t fit the OAuth flow, and B sounds sketchy security-wise.

0
Sarah N.
2026-01-17

B vs C? B sounds risky since it talks about another individual accessing data, which seems like a security issue. C matches the idea of secure delegated access without sharing passwords.

0
Sarah N.
2026-01-12

C makes sense since it keeps user credentials safe while letting apps access data. The others seem off.

0