
Authorization code flow in REST API - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output
intermediate
What is the final access token value?

Consider the following simplified steps of an Authorization Code Flow in a REST API:

  1. Client redirects user to authorization server with client_id and redirect_uri.
  2. User logs in and authorizes the client.
  3. Authorization server redirects back with a code.
  4. Client exchanges the code for an access token.

Given the code snippet below simulating the token exchange, what is the value of access_token after execution?

def exchange_code_for_token(code):
    if code == "auth123":
        return {"access_token": "token_abc123", "expires_in": 3600}
    else:
        return {"error": "invalid_code"}

response = exchange_code_for_token("auth123")
access_token = response.get("access_token", None)
print(access_token)
A. None
B. invalid_code
C. token_abc123
D. auth123
💡 Hint

Look at what the function returns when the code matches "auth123".

🧠 Conceptual
intermediate
Which step is missing in this Authorization Code Flow?

In the Authorization Code Flow, the client first redirects the user to the authorization server. The user logs in and the server redirects back with a code. The client then uses this code to request an access token.

Which important step is missing from this description?

A. User enters their password twice
B. Authorization server sends refresh token before access token
C. Client directly receives the access token without a code
D. Client authenticates itself when exchanging the code for the token
💡 Hint

Think about how the client proves it is allowed to exchange the code.

🔧 Debug
advanced
Why does this token exchange request fail?

Look at the HTTP POST request below that the client sends to exchange the authorization code for an access token:

POST /token HTTP/1.1
Host: auth.example.com
Content-Type: application/x-www-form-urlencoded

code=abc123&redirect_uri=https://client.app/callback

The server responds with an error: invalid_client.

What is the most likely reason for this error?

A. The client did not include its client_id and client_secret in the request
B. The redirect_uri does not match the one used in the authorization request
C. The authorization code is expired
D. The Content-Type header is incorrect
💡 Hint

Think about how the server verifies the client identity during token exchange.

📝 Syntax
advanced
Which code snippet correctly extracts the authorization code from a redirect URL?

A client receives a redirect URL after user authorization:

https://client.app/callback?code=xyz789&state=abc

Which Python code correctly extracts the code parameter value?

A
from urllib.parse import urlparse, parse_qs
url = 'https://client.app/callback?code=xyz789&state=abc'
query = urlparse(url).query
code = parse_qs(query)['code'][0]
print(code)
B
url = 'https://client.app/callback?code=xyz789&state=abc'
code = url.split('code=')[1].split('&')[0]
print(code)
C
url = 'https://client.app/callback?code=xyz789&state=abc'
code = url.split('?')[1].split('=')[1]
print(code)
D
url = 'https://client.app/callback?code=xyz789&state=abc'
code = url.split('&')[0].split('=')[1]
print(code)
💡 Hint

Use standard Python libraries to parse URLs safely.
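
An added example, not part of the original challenge, that goes beyond the bare extraction asked for above: a callback handler that parses the redirect URL with `urllib.parse`, rejects missing or repeated parameters, and checks `state` against the value the client stored before redirecting. The names `extract_authorization_code` and `CallbackError`, and the sample URL in the demo, are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit, parse_qs


class CallbackError(ValueError):
    """Raised when the redirect back to the client cannot be trusted."""


def _single(params, name):
    # parse_qs returns a list per key; a missing or repeated parameter
    # is ambiguous, so it is rejected instead of silently taking [0].
    values = params.get(name, [])
    if len(values) != 1:
        raise CallbackError(f"expected exactly one {name!r}, got {len(values)}")
    return values[0]


def extract_authorization_code(callback_url, expected_state):
    """Return the code from callback_url, or raise CallbackError.

    expected_state is the value the client generated and stored in the
    user's session before redirecting to the authorization server.
    """
    query = urlsplit(callback_url).query
    # keep_blank_values so that "code=" is seen and rejected, not dropped.
    params = parse_qs(query, keep_blank_values=True)

    # The authorization server reports denial or failure via 'error'.
    if "error" in params:
        raise CallbackError(f"authorization failed: {params['error'][0]}")

    # Verify state before using the code; compare in constant time.
    state = _single(params, "state")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise CallbackError("state does not match the stored value")

    code = _single(params, "code")
    if not code:
        raise CallbackError("empty authorization code")
    return code


if __name__ == "__main__":
    # Constructed sample: same parameters as above, in a different order.
    url = "https://client.app/callback?state=abc&code=xyz789"
    print(extract_authorization_code(url, expected_state="abc"))
```

Because the query string is parsed into named parameters, the result does not depend on the order in which the authorization server appends `code` and `state`.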

🚀 Application
expert
What is the correct sequence of steps in the Authorization Code Flow?

Order the following steps correctly as they happen in the Authorization Code Flow:

A. 2,1,3,4
B. 1,2,3,4
C. 1,3,2,4
D. 3,2,1,4
💡 Hint

Think about the natural order of user interaction and server responses.