Code Room
System design | Medium | sd-g479
Subject: OAuth / OIDC | Level: Mid–Senior | ~40 min | Common in security interviews | Industries: Technology, software development

Question

Design the user-consent and granted-scope subsystem of an OAuth provider that hosts a marketplace of thousands of third-party apps. Requirements: a user grants an app only the scopes it asks for; an app can later request MORE scopes incrementally (without re-granting what it has); the user has a dashboard to review and REVOKE any app's access (all or specific scopes) at any time; and admins of an org can restrict which apps/scopes their users may grant. Discuss the consent/grant data model, incremental authorization, how revocation invalidates already-issued tokens, and how org-level policy overrides individual consent.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
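One concrete way to sketch the grant model and its three hard behaviours (incremental consent, revocation that kills outstanding tokens, org policy capping individual consent), as an added example that is not part of the original prompt. It assumes an introspection-style check where the resource server consults the grant store on every token use; names such as `ConsentStore`, `Grant` and the `org_policy` map are illustrative, not a real provider's API.

```python
from dataclasses import dataclass, field


@dataclass
class Grant:
    user_id: str
    app_id: str
    scopes: set = field(default_factory=set)
    version: int = 0  # bumped on every revocation; a token carries the version it was minted under


class ConsentStore:
    def __init__(self):
        self.grants = {}      # (user_id, app_id) -> Grant, one row per user/app pair
        self.user_org = {}    # user_id -> org_id (absent for consumer accounts)
        self.org_policy = {}  # org_id -> {app_id: allowed scopes}; illustrative shape, constructed here

    def org_allowed(self, user_id, app_id, scopes):
        policy = self.org_policy.get(self.user_org.get(user_id))
        if policy is None:                       # no org policy: individual consent stands
            return set(scopes)
        return set(scopes) & policy.get(app_id, set())  # app not listed by the admin: nothing grantable

    def scopes_needing_consent(self, user_id, app_id, requested):
        # Incremental authorization: prompt only for scopes not already held (and permitted by the org)
        held = self.grants.get((user_id, app_id), Grant(user_id, app_id)).scopes
        return self.org_allowed(user_id, app_id, requested) - held

    def record_consent(self, user_id, app_id, approved):
        grant = self.grants.setdefault((user_id, app_id), Grant(user_id, app_id))
        grant.scopes |= self.org_allowed(user_id, app_id, approved)  # policy enforced server-side, not only in the UI
        return grant

    def issue_token(self, user_id, app_id, requested):
        grant = self.grants.get((user_id, app_id))
        if grant is None:
            raise PermissionError("no grant on record")
        return {"sub": user_id, "aud": app_id, "version": grant.version, "scope": set(requested) & grant.scopes}

    def revoke(self, user_id, app_id, scopes=None):
        # Dashboard revocation: drop all scopes (None) or the listed ones; the version bump retires every
        # outstanding token so a later re-consent cannot resurrect a token minted under the old grant
        grant = self.grants[(user_id, app_id)]
        grant.scopes = set() if scopes is None else grant.scopes - set(scopes)
        grant.version += 1

    def effective_scopes(self, token):
        # Resource-server check: stale version, revoked scope or tightened org policy all shrink the token
        grant = self.grants.get((token["sub"], token["aud"]))
        if grant is None or token["version"] != grant.version:
            return set()
        return self.org_allowed(token["sub"], token["aud"], token["scope"] & grant.scopes)
```

The per-use store lookup is the consistency side of the trade-off: self-contained JWTs would avoid it but then revocation only takes effect at token expiry unless a version check or denylist is added.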
