
Directive-based authorization in GraphQL - Practice Problems & Coding Challenges

Challenge - 5 Problems
Query result
intermediate
What is the result of this GraphQL query with directive-based authorization?

Given this GraphQL schema snippet with a directive @auth(role: "ADMIN") on the secretData field, what will be the result of the query below if the user role is USER?

query {
  secretData
}

type Query {
  secretData: String @auth(role: "ADMIN")
}

A. { "data": {} }
B. { "data": { "secretData": null } }
C. { "data": { "secretData": "Top secret info" } }
D. { "errors": [{ "message": "Not authorized" }] }
💡 Hint

Think about what happens when a user without the required role tries to access a protected field.

🧠 Conceptual
intermediate
Which statement best describes directive-based authorization in GraphQL?

Choose the correct description of how directive-based authorization works in GraphQL schemas.

A. Directives are only used for formatting query results, not for security.
B. Directives replace the need for authentication by validating user identity.
C. Directives are used to define access rules on schema fields that the server enforces during query execution.
D. Directives automatically encrypt data fields before sending them to clients.
💡 Hint

Consider what role directives play in controlling access to data.

📝 Syntax
advanced
Identify the syntax error in this directive definition

Which option shows the correct way to define a custom @auth directive that accepts a role argument of type String?

directive @auth(role: String) on FIELD_DEFINITION

A. directive @auth(role: String) on FIELD_DEFINITION
B. directive @auth(role String) on FIELD_DEFINITION
C. directive @auth(role: "String") on FIELD_DEFINITION
D. directive @auth(role: String!) on FIELD_DEFINITION
💡 Hint

Remember the syntax for defining arguments in directives.

Optimization
advanced
How to optimize directive-based authorization for multiple roles?

You want to allow access to a field for users with roles ADMIN or MODERATOR. Which directive usage is the most efficient and correct?

A. @auth(roles: ["ADMIN", "MODERATOR"])
B. @auth(role: ["ADMIN", "MODERATOR"])
C. @auth(role: "ADMIN") @auth(role: "MODERATOR")
D. @auth(role: "ADMIN,MODERATOR")
💡 Hint

Think about how to pass multiple values as an argument in GraphQL directives.

🔧 Debug
expert
Why does this directive-based authorization fail to block unauthorized access?

Given this schema snippet, unauthorized users can still access privateInfo. What is the likely cause?

directive @auth(role: String) on FIELD_DEFINITION

type Query {
  privateInfo: String @auth(role: "ADMIN")
}

A. The directive is defined but not implemented in the server resolver logic.
B. The directive argument should be roles instead of role.
C. The directive must be applied on the type Query instead of the field.
D. The directive syntax is invalid and causes the server to ignore it.
💡 Hint

Defining a directive in the schema is not enough to enforce authorization.