5 collocation exercises on auth and access-control verbs.
1 / 5
The API will ___ the user by verifying their JWT before processing any request.
To authenticate a user means to verify their identity, typically through a token, password, or certificate. Authenticate is the precise security term, behind "authentication service" and OAuth flows. Check out, verify up, and confirm in are informal or not real collocations. Security engineers say "authenticate the request before processing," so authenticate the user is the correct collocation for the identity-verification step in any access control system.
2 / 5
The RBAC system will ___ the user to access only the resources their role permits.
To authorize a user means to grant them permission to perform an action or access a resource, following authentication. Authorize is the precise term, behind "authorization middleware" and OAuth scopes. Allow in, permit through, and pass along are too informal. Engineers say "authenticate first, then authorize," so authorize the user is the correct collocation for the access-decision step that follows identity verification.
3 / 5
The admin dashboard allows super-users to ___ access to specific resources to team members.
To grant access means to formally assign permission to a user or role. Grant is the precise access-control verb, as in "grant read access" and SQL's GRANT statement. Give out, hand over, and offer up are informal and lack the precise permission-management sense. DBAs say "GRANT SELECT ON table TO user," so grant access is the correct, idiomatic collocation for assigning permissions in any security model.
4 / 5
When an employee leaves, the security team will ___ their API tokens and revoke their SSO session.
To revoke a token means to invalidate it so it can no longer be used for authentication or authorization. Revoke is the standard security term, as in "token revocation" and the OAuth revocation endpoint. Cancel out, remove away, and delete up are not real technical collocations. Security procedures say "revoke all credentials on offboarding," so revoke a token is the correct collocation for the act of invalidating an access credential.
5 / 5
Access tokens ___ after one hour, requiring the client to refresh them using the refresh token.
Tokens expire when they reach their configured time-to-live and become invalid. Expire is the precise term, behind "token expiry" and "expiration timestamp" in JWT headers. Run out, die off, and stop up are informal and not used in authentication systems. Engineers configure "token expiry of 3600 seconds," so expire is the correct verb for the moment an access token becomes invalid due to age.