Design Authentication Manager

Design Authentication Manager

1. What is this problem about?

The Design Authentication Manager interview question involves creating a system to manage user session tokens. Each token has a specific time-to-live (TTL). You need to support generating a new token, renewing an existing (non-expired) token, and counting the number of currently active (non-expired) tokens at a given timestamp. This Design Authentication Manager coding problem focuses on time-based state management.

2. Why is this asked in interviews?

Oracle and Atlassian ask this to test your proficiency with Hash Table interview patterns and your ability to handle lifecycle logic. It evaluates how you manage data that has a "natural" expiration and how you perform cleanup or filtering based on a dynamic threshold (the current time).

3. Algorithmic pattern used

This problem is solved using a Hash Map to track token expirations.

• Map<String, Integer> tokens: Stores tokenId -> expirationTime.
• generate(tokenId, currentTime): Add tokenId to map with value currentTime + timeToLive.
• renew(tokenId, currentTime): Check if the token exists and tokens.get(tokenId) > currentTime. If so, update the expiration to currentTime + timeToLive.
• countUnexpiredTokens(currentTime): Iterate through the map and count how many tokens have an expiration time strictly greater than currentTime.

4. Example explanation

TTL = 5.

1. generate("user1", 1): user1 expires at 6.
2. renew("user1", 2): 2 < 6, so renew. user1 now expires at 7.
3. countUnexpired(6): 7 > 6, so user1 is active. Count = 1.
4. renew("user1", 8): 8 is not < 7. Token already expired. No renewal.
5. countUnexpired(8): Count = 0.

5. Common mistakes candidates make

• Renewal logic: Allowing an expired token to be renewed. The problem usually specifies that only active tokens can be extended.
• Boundary conditions: Using >= instead of > for expiration checks. A token is usually considered expired at its expiration time.
• Performance: For countUnexpired, if there are many tokens, $O(N)$ iteration might be slow. An Ordered Map (TreeMap) or a Doubly-Linked List (like an LRU cache) could optimize the count to $O(\log N)$ or even $O(1)$ by removing expired tokens lazily.

6. Interview preparation tip

Always ask if you should "clean up" expired tokens. While not strictly necessary for the count, deleting expired tokens from the map during countUnexpired or renew prevents memory leaks in a long-running system.