0
0
Firebasecloud~20 mins

Custom authentication tokens in Firebase - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Firebase Custom Token Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
What happens when a Firebase custom token expires?
You create a Firebase custom authentication token with a 1-hour expiration. What happens if a client tries to use this token after it expires?
AThe client is denied access and must request a new token to authenticate again.
BThe client can continue using the expired token without interruption.
CFirebase automatically refreshes the token without client intervention.
DThe client is permanently blocked from accessing Firebase services.
Attempts:
2 left
💡 Hint
Think about how tokens maintain security by limiting their valid time.
Configuration
intermediate
2:00remaining
Which Firebase Admin SDK method creates a custom token?
You want to generate a custom authentication token for a user with ID 'user123'. Which Firebase Admin SDK method correctly creates this token?
Aadmin.auth().signInWithCustomToken('user123')
Badmin.auth().generateToken('user123')
Cadmin.auth().createCustomToken('user123')
Dadmin.auth().getCustomToken('user123')
Attempts:
2 left
💡 Hint
Look for the method that explicitly mentions 'create' and 'CustomToken'.
security
advanced
2:00remaining
What is the best practice to secure the private key used for signing Firebase custom tokens?
You have a private key to sign Firebase custom tokens. Which practice best protects this key?
AStore the private key in a secure environment variable or secret manager, never in client code.
BEmbed the private key directly in the client app for faster token generation.
CShare the private key with all developers via email for easy access.
DCommit the private key to the public source code repository for transparency.
Attempts:
2 left
💡 Hint
Think about who should have access to sensitive keys and where they should be stored.
Architecture
advanced
2:00remaining
How should you architect a system to issue Firebase custom tokens for users authenticated by an external system?
You have an external user database and want to allow those users to access Firebase services using custom tokens. What architecture best supports this?
AUse Firebase client SDK to create custom tokens without backend verification.
BAllow clients to generate custom tokens directly using the Firebase Admin SDK in the frontend.
CStore Firebase private keys in the external user database for token generation.
DCreate a secure backend service that verifies external user credentials and issues Firebase custom tokens on demand.
Attempts:
2 left
💡 Hint
Consider where sensitive operations like token signing should happen.
🧠 Conceptual
expert
2:00remaining
What is the main difference between Firebase custom tokens and ID tokens?
Firebase uses both custom tokens and ID tokens in authentication. What is the key difference between them?
AID tokens are created by your backend; custom tokens are issued by Firebase after sign-in.
BCustom tokens are short-lived tokens created by your backend to sign in users; ID tokens are issued by Firebase after sign-in and used to authorize requests.
CCustom tokens and ID tokens are the same and can be used interchangeably.
DID tokens are used only for anonymous users; custom tokens are for registered users.
Attempts:
2 left
💡 Hint
Think about who creates each token and when they are used.