
Session-based vs token-based auth in Node.js - Practice Questions

🧠 Conceptual (intermediate)
What is a key difference between session-based and token-based authentication?

Choose the option that best describes a fundamental difference between session-based and token-based authentication methods.

A. Session-based auth stores user data on the server, while token-based auth stores user data on the client.
B. Session-based auth requires the client to send a token with every request, token-based does not.
C. Token-based auth stores session data on the server, session-based stores it in cookies.
D. Token-based auth only works with cookies, session-based only with local storage.
💡 Hint

Think about where the user state is kept in each method.

Component behavior (intermediate)
What happens when a token expires in token-based authentication?

In token-based authentication, what is the typical behavior when the token expires?

A. The server automatically renews the token without client action.
B. The session on the server is cleared but the token remains valid.
C. The client must re-authenticate to get a new token.
D. The token silently refreshes in the background without user notice.
💡 Hint

Consider who controls token renewal in token-based auth.

🔧 Debug (advanced)
Why does this session-based auth code fail to keep the user logged in?

Examine the Node.js Express code below. Why does the user get logged out immediately after login?

Node.js
app.post('/login', (req, res) => {
  const user = authenticate(req.body.username, req.body.password);
  if (user) {
    req.session.user = user;
    res.redirect('/dashboard');
  } else {
    res.status(401).send('Login failed');
  }
});

app.get('/dashboard', (req, res) => {
  if (!req.session.user) {
    res.redirect('/login');
  } else {
    res.send(`Welcome ${req.session.user.name}`);
  }
});
A. The session cookie is set to expire immediately.
B. The authenticate function returns null causing session.user to be undefined.
C. The redirect after login clears the session data.
D. The session middleware is not configured or used in the app.
💡 Hint

Check if the app uses session middleware properly.

📝 Syntax (advanced)
Which code snippet correctly verifies a JWT token in Node.js?

Choose the code snippet that correctly verifies a JWT token using the jsonwebtoken library.

A. jwt.verify(token, secret, (err, decoded) => { if (err) throw err; console.log(decoded); });
B. jwt.verify(token, (err, decoded) => { if (err) throw err; console.log(decoded); });
C. jwt.decode(token, secret, (err, decoded) => { if (err) throw err; console.log(decoded); });
D. jwt.check(token, secret, (err, decoded) => { if (err) throw err; console.log(decoded); });
💡 Hint

Look for the correct method name and parameters for verifying a JWT.

State output (expert)
What is the output of this token-based auth middleware when the token is missing?

Given the following Express middleware, what response does the server send if the request has no Authorization header?

Node.js
function authMiddleware(req, res, next) {
  const authHeader = req.headers['authorization'];
  if (!authHeader) {
    return res.status(401).json({ error: 'No token provided' });
  }
  const token = authHeader.split(' ')[1];
  jwt.verify(token, 'secret', (err, user) => {
    if (err) return res.status(403).json({ error: 'Invalid token' });
    req.user = user;
    next();
  });
}
A. Server crashes with TypeError
B. {"error":"No token provided"} with status 401
C. Next middleware is called without error
D. {"error":"Invalid token"} with status 403
💡 Hint

Check the condition when Authorization header is missing.