
Why authorization differs from authentication in Express - Challenge Your Understanding

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding Authentication in Express
What is the primary purpose of authentication in an Express application?
A. To log user activity for auditing purposes
B. To verify the identity of a user trying to access the system
C. To encrypt user data before sending it to the client
D. To determine what resources a user can access
💡 Hint

Think about the step where the system checks who you are.

🧠 Conceptual
intermediate
Understanding Authorization in Express
What does authorization control in an Express application?
A. It controls which resources or actions a verified user is allowed to access or perform
B. It verifies the user's identity using tokens
C. It manages session expiration times
D. It encrypts passwords before storing them
💡 Hint

Think about what happens after the system knows who you are.

component_behavior
advanced
Behavior of Authentication Middleware in Express
Given the following Express middleware, what happens if the user is not authenticated?
Express
function authMiddleware(req, res, next) {
  if (!req.user) {
    return res.status(401).send('Unauthorized');
  }
  next();
}
A. The middleware sends a 401 Unauthorized response and stops further processing
B. The middleware allows the request to continue to the next handler
C. The middleware throws a runtime error
D. The middleware redirects the user to the home page
💡 Hint

Look at the condition checking req.user and the response sent.

component_behavior
advanced
Authorization Check in Express Route
In this Express route, what will happen if the authenticated user does not have the 'admin' role?
Express
app.get('/admin', (req, res) => {
  if (!req.user?.roles.includes('admin')) {
    return res.status(403).send('Forbidden');
  }
  res.send('Welcome Admin');
});
A. The server responds with 401 Unauthorized
B. The server sends 'Welcome Admin' regardless of user role
C. The server crashes with a TypeError
D. The server responds with 403 Forbidden and does not send 'Welcome Admin'
💡 Hint

Check the condition that tests the user's roles.

📝 Syntax
expert
Identify the Error in Authentication Middleware
What error will this Express authentication middleware produce when a request is made?
Express
function auth(req, res, next) {
  if (req.headers.authorization === undefined) {
    return res.status(401).send('No token');
  }
  next();
}
A. The middleware causes a syntax error due to missing braces
B. The middleware throws a ReferenceError because next is undefined
C. The middleware calls next() even after sending a response, causing headers to be sent twice
D. The middleware correctly stops processing after sending 401
💡 Hint

Consider what happens after res.status(401).send() is called.