0
0
NestJSframework~20 mins

Why authentication secures NestJS APIs - Challenge Your Understanding

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
NestJS Authentication Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
What is the primary role of authentication in NestJS APIs?
Authentication in NestJS APIs is mainly used to:
AEncrypt all data sent between client and server
BAutomatically log all user actions in the API
CVerify the identity of users before granting access to API resources
DOptimize API response times by caching user data
Attempts:
2 left
💡 Hint
Think about what authentication means in everyday life, like showing an ID to prove who you are.
component_behavior
intermediate
2:00remaining
What happens when a NestJS API receives a request without valid authentication?
If a request to a protected NestJS API route lacks valid authentication, the API will:
AProcess the request normally without restrictions
BReturn a 401 Unauthorized error and deny access
CRedirect the user to the homepage
DLog the user in automatically with default credentials
Attempts:
2 left
💡 Hint
Think about what should happen if someone tries to enter a locked door without a key.
state_output
advanced
2:00remaining
What is the output of this NestJS guard when authentication fails?
Consider this simplified NestJS guard code snippet that checks authentication: 
canActivate(context: ExecutionContext): boolean {
  const request = context.switchToHttp().getRequest();
  if (!request.user) {
    throw new UnauthorizedException('User not authenticated');
  }
  return true;
}
What will the API respond with if the request has no user?
NestJS
canActivate(context: ExecutionContext): boolean {
  const request = context.switchToHttp().getRequest();
  if (!request.user) {
    throw new UnauthorizedException('User not authenticated');
  }
  return true;
}
AHTTP 401 Unauthorized with message 'User not authenticated'
BHTTP 403 Forbidden with message 'Access denied'
CHTTP 200 OK with empty response
DHTTP 500 Internal Server Error
Attempts:
2 left
💡 Hint
UnauthorizedException in NestJS sends a 401 status code.
📝 Syntax
advanced
2:00remaining
Which code snippet correctly applies authentication guard to a NestJS controller route?
You want to protect a NestJS controller route so only authenticated users can access it. Which code correctly applies the AuthGuard?
A
@UseGuards(AuthGuard('jwt'))
@Get('profile')
getProfile() {
  return 'User profile';
}
B
@UseGuards('jwt')
@Get('profile')
getProfile() {
  return 'User profile';
}
C
@UseGuards(AuthGuard)
@Get('profile')
getProfile() {
  return 'User profile';
}
D
@UseGuards(AuthGuard('local'))
@Get('profile')
getProfile() {
  return 'User profile';
}
Attempts:
2 left
💡 Hint
AuthGuard needs the strategy name as a string argument inside parentheses.
🔧 Debug
expert
3:00remaining
Why does this NestJS API allow access without authentication despite using AuthGuard?
Given this NestJS controller code: 
@Controller('data')
export class DataController {
  @Get()
  @UseGuards(AuthGuard('jwt'))
  getData() {
    return 'Protected data';
  }

  @Get('public')
  getPublicData() {
    return 'Public data';
  }
}
A user can access the 'getData' route without a token. What is the most likely reason?
NestJS
@Controller('data')
export class DataController {
  @Get()
  @UseGuards(AuthGuard('jwt'))
  getData() {
    return 'Protected data';
  }

  @Get('public')
  getPublicData() {
    return 'Public data';
  }
}
AThe JWT strategy is incorrectly named and does not match the guard argument
BThe 'getData' method is missing the @UseGuards decorator
CThe controller is missing the @UseGuards decorator at the class level
DThe AuthGuard is not registered globally or in the module, so it does not enforce authentication
Attempts:
2 left
💡 Hint
Guards must be properly registered and the strategy must be configured in the module.