
Authentication errors in context in GraphQL - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding Authentication Error Propagation

In a GraphQL API, when a user provides invalid credentials, how should the authentication error be handled in the resolver context to ensure the client receives a clear message?

A. Throw an error inside the resolver without catching it, so the GraphQL server sends a generic error message.
B. Return null from the resolver and log the error only on the server side without informing the client.
C. Attach an authentication error to the context and throw a specific AuthenticationError that the client can catch and display.
D. Ignore the error and return default data to avoid breaking the query.
💡 Hint

Think about how to communicate errors clearly to the client while maintaining security.

query_result
intermediate
Result of Query with Missing Authentication Token

Given a GraphQL query that requires authentication, what will be the result if the request is sent without an authentication token and the server uses context to check authentication?

query {
  userProfile {
    id
    name
  }
}
A. {"errors":[{"message":"Internal server error"}],"data":null}
B. {"data":{"userProfile":{"id":"123","name":"Alice"}}}
C. {"data":{"userProfile":null}}
D. {"errors":[{"message":"Authentication token missing","locations":[{"line":2,"column":3}],"path":["userProfile"]}],"data":{"userProfile":null}}
💡 Hint

Consider how GraphQL reports errors when authentication fails.

📝 Syntax
advanced
Identify the Syntax Error in Authentication Middleware

Which option contains a syntax error in this GraphQL authentication middleware snippet that adds user info to context?

function context({ req }) {
  const token = req.headers.authorization || ''
  if (!token) {
    throw new AuthenticationError('No token')
  }
  const user = verifyToken(token)
  return { user }
}
A.
function context({ req }) {
  const token = req.headers.authorization || ''
  if (!token) {
    throw new AuthenticationError('No token')
  }
  const user = verifyToken(token)
  return { user }
}
B.
function context(req) {
  const token = req.headers.authorization || ''
  if (!token) {
    throw new AuthenticationError('No token')
  }
  const user = verifyToken(token)
  return { user }
}
C.
function context({ req }) {
  const token = req.headers.authorization || ''
  if (!token) {
    throw new AuthenticationError('No token')
  }
  const user = verifyToken(token)
  return user
}
D.
function context({ req }) {
  const token = req.headers.authorization || ''
  if (!token) {
    throw new AuthenticationError('No token')
  }
  const user = verifyToken(token)
  return { user: user }
}
💡 Hint

Check the function parameter syntax carefully.

optimization
advanced
Optimizing Authentication Checks in GraphQL Context

Which option best optimizes authentication checks in the GraphQL context function to avoid redundant token verification on every resolver call?

A. Verify the token once in the context function and attach the user info to context for all resolvers.
B. Verify the token inside each resolver separately to keep context simple.
C. Skip token verification and trust client-provided user info in context.
D. Verify the token in a middleware before GraphQL execution and pass user info via context.
💡 Hint

Think about where to do the token verification for best performance and code clarity.

🔧 Debug
expert
Debugging Unexpected Authentication Error in Context

A GraphQL server returns an 'AuthenticationError: Invalid token' even when a valid token is sent. The context function is:

function context({ req }) {
  const token = req.headers.authorization.split(' ')[1]
  const user = verifyToken(token)
  return { user }
}

What is the most likely cause of the error?

A. The token is being split incorrectly because the authorization header is undefined or empty.
B. The verifyToken function is not imported correctly, causing it to always throw an error.
C. The authorization header is missing the 'Bearer' prefix, causing split to fail.
D. The context function does not return the user object properly.
💡 Hint

Check how the token is extracted from the authorization header.
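
A defensive variant of the context function from the last problem, as an added example that is not part of the original challenge: it reports a missing header, a header that is not in `Bearer <token>` form, and a token that fails verification as three distinct authentication errors. The AuthenticationError class, the verifyToken stub, its token table and the tryContext helper are constructed stand-ins, not a real library's API.

```javascript
// Local stand-in for a server library's authentication error type (assumption).
class AuthenticationError extends Error {
  constructor(message) {
    super(message);
    this.name = 'AuthenticationError';
    this.extensions = { code: 'UNAUTHENTICATED' }; // machine-readable code for clients
  }
}

// Constructed token table standing in for real signature verification.
const KNOWN_TOKENS = new Map([['tok-alice', { id: '123', name: 'Alice' }]]);

function verifyToken(token) {
  const user = KNOWN_TOKENS.get(token);
  if (!user) throw new AuthenticationError('Invalid token');
  return user;
}

// Return the bearer token, or throw a specific error for each malformed case,
// instead of calling .split() on a header that may be undefined.
function extractBearerToken(headers) {
  const header = headers && headers.authorization;
  if (typeof header !== 'string' || header.trim() === '') {
    throw new AuthenticationError('Authentication token missing');
  }
  const match = /^Bearer\s+(\S+)$/i.exec(header.trim());
  if (!match) throw new AuthenticationError('Malformed Authorization header');
  return match[1];
}

// Verify once per request; resolvers read context.user.
function context({ req }) {
  const token = extractBearerToken(req.headers);
  return { user: verifyToken(token) };
}

// Hypothetical helper: run context() on constructed headers and summarise the outcome.
function tryContext(headers) {
  try {
    return { user: context({ req: { headers } }).user, error: null };
  } catch (err) {
    if (!(err instanceof AuthenticationError)) throw err; // unexpected bugs still surface
    return { user: null, error: { message: err.message, code: err.extensions.code } };
  }
}
```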