
Context-based authentication in GraphQL - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
What is the main purpose of context-based authentication in GraphQL?

Imagine you have a GraphQL API that needs to allow users to access data only if they are logged in and have the right permissions. What is the main role of context-based authentication in this scenario?

A. It stores user information and permissions during a request to control access to data.
B. It automatically encrypts all data sent between client and server.
C. It caches query results to speed up repeated requests.
D. It validates the syntax of GraphQL queries before execution.
💡 Hint

Think about how the server knows who is making the request and what they are allowed to see.

query_result
intermediate
What will this GraphQL resolver return with context-based authentication?

Given this resolver snippet, what will be the output if the user is not authenticated?

const resolver = (parent, args, context) => {
  if (!context.user) {
    return 'Access denied';
  }
  return 'Welcome ' + context.user.name;
};

// context = {} (no user key)
A. "Welcome undefined"
B. null
C. "Access denied"
D. Error: Cannot read property 'name' of undefined
💡 Hint

Check what happens when context.user is missing.

📝 Syntax
advanced
Identify the syntax error in this GraphQL context setup code

Which option correctly fixes the syntax error in this GraphQL server context function?

const server = new ApolloServer({
  typeDefs,
  resolvers,
  context: ({ req }) => {
    const token = req.headers.authorization;
    if (!token) {
      throw new Error('No token');
    }
    const user = getUserFromToken(token);
    return { user };
  }
});
A. Wrap the context function body in curly braces and add a return statement.
B. Add a comma after 'req.headers.authorization' to separate statements.
C. Add a semicolon after each statement inside the context function.
D. No syntax error; the code is correct as is.
💡 Hint

Check if the arrow function syntax and object return are valid.

optimization
advanced
How to optimize context-based authentication for performance?

You want to avoid decoding the user token multiple times in nested resolvers. Which approach optimizes context-based authentication?

A. Decode the token in every resolver that needs user info.
B. Decode the token once in the context function and pass the user info down to all resolvers.
C. Store the token in a global variable accessible by all resolvers.
D. Skip token decoding and trust client-provided user info.
💡 Hint

Think about doing work once per request instead of multiple times.

🔧 Debug
expert
Why does this GraphQL query fail with 'Cannot read property of undefined' error?

Consider this resolver code snippet:

const resolver = (parent, args, context) => {
  if (context.user.role !== 'admin') {
    throw new Error('Unauthorized');
  }
  return 'Secret data';
};

// context = {} (empty object)

Why does this code cause an error?

A. Because context.user is undefined, so accessing role causes an error.
B. Because the resolver is missing a return statement for unauthorized users.
C. Because the context object should not be empty; it must be null.
D. Because the error message is misspelled.
💡 Hint

Check what happens when you try to access a property of something that does not exist.