Code Room
System designHardsd-g237
Subject Oauth oidcLevel Senior–Staff~45 minCommon in Security interviewsIndustries Technology, Software development

Question

Design service-to-service authentication and on-behalf-of delegation for a microservice mesh of ~2,000 services, where a user-facing request fans out through many services and each downstream call must (a) prove the caller's service identity and (b) carry the original user's identity and scopes so a deep service can authorize on the user's behalf — without any service being able to forge a more powerful token than it was handed. Throughput: millions of internal calls/sec. Walk through how service identity and user context propagate, how downstream services validate without a central bottleneck, and how you prevent privilege escalation across hops.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.

Narrate your design
Loading whiteboard…
Run or narrate your approach, then ask the coach.