0
0
NextJSframework~20 mins

Provider configuration (OAuth, credentials) in NextJS - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
OAuth Provider Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
OAuth Provider Redirect Behavior

In a Next.js app using NextAuth.js, what happens immediately after a user successfully signs in with an OAuth provider?

NextJS
import NextAuth from "next-auth";
import GitHubProvider from "next-auth/providers/github";

export default NextAuth({
  providers: [
    GitHubProvider({
      clientId: process.env.GITHUB_ID,
      clientSecret: process.env.GITHUB_SECRET
    })
  ],
  pages: {
    signIn: '/auth/signin'
  },
  callbacks: {
    async redirect({ url, baseUrl }) {
      return url.startsWith(baseUrl) ? url : baseUrl;
    }
  },
  debug: false
});
AThe user is redirected to the URL returned by the redirect callback or the default base URL.
BThe user stays on the sign-in page and must manually refresh to see the authenticated state.
CThe OAuth provider returns an error because redirect is not supported in NextAuth.js.
DThe user is redirected to the OAuth provider's homepage instead of the app.
Attempts:
2 left
💡 Hint

Consider the role of the redirect callback after successful authentication.

📝 Syntax
intermediate
2:00remaining
Correct Credentials Configuration for OAuth Provider

Which option correctly configures the Google OAuth provider credentials in NextAuth.js?

NextJS
import NextAuth from "next-auth";
import GoogleProvider from "next-auth/providers/google";

export default NextAuth({
  providers: [
    GoogleProvider({
      clientId: "your-client-id",
      clientSecret: "your-client-secret"
    })
  ]
});
AGoogleProvider({ client_id: process.env.GOOGLE_CLIENT_ID, client_secret: process.env.GOOGLE_CLIENT_SECRET })
BGoogleProvider({ clientId: process.env.GOOGLE_CLIENT_SECRET, clientSecret: process.env.GOOGLE_CLIENT_ID })
CGoogleProvider({ clientId: process.env.GOOGLE_CLIENT_ID, clientSecret: process.env.GOOGLE_CLIENT_SECRET })
DGoogleProvider({ clientId: "", clientSecret: "" })
Attempts:
2 left
💡 Hint

Check the exact property names required by the provider.

🔧 Debug
advanced
2:00remaining
Fixing Credential Provider Callback Error

Given this NextAuth.js credential provider configuration, what error will occur and why?

NextJS
import NextAuth from "next-auth";
import CredentialsProvider from "next-auth/providers/credentials";

export default NextAuth({
  providers: [
    CredentialsProvider({
      name: "Credentials",
      credentials: {
        username: { label: "Username", type: "text" },
        password: { label: "Password", type: "password" }
      },
      async authorize(credentials) {
        if (!credentials) return null;
        if (credentials.username === "admin" && credentials.password === "pass") {
          return { id: 1, name: "Admin" };
        }
        return null;
      }
    })
  ]
});
ARuntime error because CredentialsProvider is not imported correctly.
BTypeError because credentials can be undefined and properties accessed without check.
CSyntaxError due to missing return statement in authorize function.
DNo error; the user is authenticated if credentials match.
Attempts:
2 left
💡 Hint

Consider what happens if credentials is undefined.

state_output
advanced
2:00remaining
Session Object Content After OAuth Sign In

After a user signs in with an OAuth provider in NextAuth.js, what does the session object typically contain?

NextJS
import { useSession } from "next-auth/react";

export default function Profile() {
  const { data: session } = useSession();
  return <pre>{JSON.stringify(session, null, 2)}</pre>;
}
AAn object with <code>user</code> (name, email, image), <code>expires</code> timestamp, and optionally <code>accessToken</code>.
BA string with the user's email only.
CAn empty object because session is not set automatically.
DOnly the OAuth provider's raw token string.
Attempts:
2 left
💡 Hint

Think about what information NextAuth.js stores in session by default.

🧠 Conceptual
expert
2:00remaining
Security Implication of Storing OAuth Credentials in Client Code

What is the main security risk if OAuth client secrets are exposed in client-side Next.js code instead of server-side configuration?

AThe app will run slower due to client-side secret usage.
BThe OAuth provider will reject all authentication requests automatically.
CThere is no risk because client secrets are public by design.
DAnyone can see the client secret and impersonate the app to the OAuth provider, risking unauthorized access.
Attempts:
2 left
💡 Hint

Consider what client secrets protect and who can access client-side code.