
OAuth2 overview in Flask - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
What is the main purpose of OAuth2 in web applications?

OAuth2 is widely used in web apps. What does it mainly help with?

A. It allows users to log in using credentials from another service without sharing passwords.
B. It encrypts all data sent between client and server automatically.
C. It manages database connections for faster queries.
D. It provides a way to write server-side code in multiple languages.
💡 Hint

Think about how you can sign into apps using Google or Facebook accounts.

component_behavior
intermediate
What happens after a user grants permission in OAuth2 flow?

In OAuth2, after the user allows access, what does the client receive to continue?

A. The user's password to authenticate future requests.
B. A direct connection to the user's database.
C. A refresh token that immediately expires.
D. An access token that the client uses to access protected resources.
💡 Hint

Think about what the client needs to call APIs on behalf of the user.

📝 Syntax
advanced
Identify the correct Flask route to start OAuth2 authorization with a provider.

Which Flask route code correctly redirects the user to the OAuth2 provider's authorization URL?

Flask
from flask import Flask, redirect
app = Flask(__name__)

@app.route('/login')
def login():
    authorization_url = 'https://provider.com/oauth2/auth?client_id=abc&response_type=code'
    # Redirect user to authorization URL
    return redirect(authorization_url)
A. authorization_url
B. return authorization_url
C. redirect(authorization_url)
D. redirect('/home')
💡 Hint

Flask has a function to send users to another URL.

state_output
advanced
What is the value of 'token' after exchanging code in OAuth2?

Given this Flask snippet exchanging an authorization code, what is the value of token?

Flask
from flask import Flask, request
import requests
app = Flask(__name__)

@app.route('/callback')
def callback():
    code = request.args.get('code')
    response = requests.post('https://provider.com/oauth2/token', data={
        'client_id': 'abc',
        'client_secret': 'xyz',
        'code': code,
        'grant_type': 'authorization_code'
    })
    token = response.json().get('access_token')
    return token
A. A string token like 'ya29.a0AfH6SM...' used to access APIs.
B. The original authorization code sent by the provider.
C. A JSON object containing user profile information.
D. An error message string if the code is invalid.
💡 Hint

What does the token endpoint return after exchanging the code?

🔧 Debug
expert
Why does this OAuth2 Flask callback raise a KeyError?

Consider this Flask callback code snippet. Why does it raise a KeyError?

Flask
from flask import Flask, request
import requests
app = Flask(__name__)

@app.route('/callback')
def callback():
    code = request.args.get('code')
    response = requests.post('https://provider.com/oauth2/token', data={
        'client_id': 'abc',
        'client_secret': 'xyz',
        'code': code,
        'grant_type': 'authorization_code'
    })
    token = response.json()['access_token']
    return token
A. The 'code' variable is None because the URL has no 'code' parameter.
B. The response JSON does not contain 'access_token' key, causing KeyError.
C. The requests.post call is missing headers, causing a failed request.
D. Flask routes cannot return strings directly, causing an error.
💡 Hint

Check what happens if the token endpoint returns an error response.