Design resilient auth with flaky third-party

Q: Design resilient auth with flaky third-party

This is a System Design interview question from Snowflake for Software Engineer roles. View the full question and solution on PracHub.

Q: How do I approach System Design interview questions?

System Design questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master system design interviews.

Question

System Design: Robust Token Acquisition and API Consumption

Context

You operate a main API that requires clients to present an access token issued by a third‑party authentication service. That third party is unreliable: it intermittently fails and sometimes returns malformed responses. You must design an end‑to‑end, production‑grade system so clients can reliably acquire tokens and call your API.

Assume the third party issues OAuth 2.0/JWT access tokens and publishes a JWKS for signature verification, but its token endpoint/introspection endpoint can be flaky.

Requirements

Design a robust system covering:

Token acquisition flow
Caching and proactive refresh
Token integrity validation (structure, signature, claims)
Retries with exponential backoff and jitter
Circuit breaking
Idempotency for writes to your API
Timeout budgets across hops
Rate limiting and quotas
Graceful degradation and fallback when the third party is down
Observability: metrics, logs, traces
Security: key management, token scope/TTL, rotation
Safe rollout and testing plan

Describe the architecture, algorithms/policies, and key data structures; call out assumptions and trade‑offs.

Design resilient auth with flaky third-party

System Design: Robust Token Acquisition and API Consumption

Context

Requirements

Solution (Locked)

Comments (0)