0
0
Ruby on Railsframework~20 mins

OAuth integration basics in Ruby on Rails - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
OAuth Integration Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What happens after successful OAuth callback in Rails?
In a Rails app using OAuth, after the user authorizes the app and the OAuth provider redirects back, what is the typical next step in the controller handling the callback?
AThe app sends an email to the user asking to confirm the OAuth authorization.
BThe app immediately redirects the user to the OAuth provider's homepage.
CThe app deletes the user session and logs the user out.
DThe app exchanges the received code for an access token and creates or updates the user session.
Attempts:
2 left
💡 Hint
Think about what the app needs to do to get permission to act on the user's behalf.
📝 Syntax
intermediate
2:00remaining
Identify the correct OmniAuth middleware setup in Rails
Which of the following is the correct way to configure OmniAuth middleware for GitHub OAuth in a Rails app's config/initializers/omniauth.rb?
A
Rails.middleware.use OmniAuth::Builder do
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
end
B
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
end
C
Rails.application.config.middleware.add OmniAuth::Builder do
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
end
D
Rails.application.middleware.use OmniAuth::Builder do
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
end
Attempts:
2 left
💡 Hint
Check the exact method to add middleware in Rails application config.
🔧 Debug
advanced
2:00remaining
Why does the OAuth callback fail with 'invalid redirect_uri' error?
A Rails app using OAuth gets an 'invalid redirect_uri' error from the provider during callback. What is the most likely cause?
AThe redirect_uri sent in the OAuth request does not exactly match the one registered in the OAuth provider settings.
BThe OAuth client ID is missing from the request parameters.
CThe user denied the OAuth authorization request.
DThe Rails app is missing the CSRF token in the callback request.
Attempts:
2 left
💡 Hint
OAuth providers require exact URL matches for security.
state_output
advanced
2:00remaining
What is stored in session after OAuth login?
After a successful OAuth login in a Rails app, which of the following is the most common data stored in the session?
AThe user's OAuth access token and refresh token in plain text.
BThe entire OAuth response hash including sensitive tokens.
CThe user's unique ID or user record ID to identify the logged-in user.
DThe user's password in encrypted form.
Attempts:
2 left
💡 Hint
Think about what minimal info is needed to keep the user logged in securely.
🧠 Conceptual
expert
3:00remaining
Why use OAuth scopes in integration?
In OAuth integration, why do apps request specific scopes during authorization?
ATo limit the app's access to only the permissions it needs, enhancing user trust and security.
BTo speed up the OAuth authorization process by skipping user consent.
CTo allow the app to access all user data without restrictions.
DTo automatically refresh the access token without user interaction.
Attempts:
2 left
💡 Hint
Think about why apps ask for permission to access only some data, not everything.