0
0
Supabasecloud~20 mins

Email/password authentication in Supabase - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Supabase Email/Password Authentication Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
What happens after a successful email/password sign-up in Supabase?

When a user signs up with email and password using Supabase's authentication, what is the immediate state of the user's session?

AThe user must manually log in after sign-up; no session is created automatically.
BThe user receives an email with a magic link but no session token is created.
CThe user receives a session token and is automatically logged in.
DThe user is blocked until an admin approves the account.
Attempts:
2 left
💡 Hint

By default, Supabase requires email confirmation before creating a session.

security
intermediate
2:00remaining
Which Supabase setting improves security for email/password sign-in?

To reduce the risk of unauthorized access, which Supabase authentication setting should be enabled for email/password sign-in?

ADisable JWT expiration to keep sessions valid indefinitely.
BDisable password complexity requirements to allow easy passwords.
CAllow anonymous sign-in alongside email/password sign-in.
DEnable email confirmations to require users to verify their email before login.
Attempts:
2 left
💡 Hint

Verifying email ownership helps confirm user identity.

Configuration
advanced
2:00remaining
Which Supabase client code snippet correctly signs in a user with email and password?

Choose the code snippet that correctly signs in a user using Supabase's JavaScript client.

Supabase
const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key');
Aconst { data, error } = await supabase.auth.signIn({ email: 'user@example.com', password: 'password123' });
Bconst { data, error } = await supabase.auth.signInWithPassword({ email: 'user@example.com', password: 'password123' });
Cconst { data, error } = await supabase.auth.login({ email: 'user@example.com', password: 'password123' });
Dconst { data, error } = await supabase.auth.signInUser({ email: 'user@example.com', password: 'password123' });
Attempts:
2 left
💡 Hint

Check the official method name for email/password sign-in in Supabase JS client.

Architecture
advanced
2:00remaining
What is the best way to securely store user passwords in Supabase's backend?

Supabase uses PostgreSQL and built-in authentication. How does it handle user password storage securely?

APasswords are encrypted with a reversible key stored in the client app.
BPasswords are stored in plain text for quick retrieval.
CPasswords are hashed with a strong algorithm and salted before storage in the database.
DPasswords are stored as base64 encoded strings in the database.
Attempts:
2 left
💡 Hint

Think about best practices for password storage in any secure system.

Best Practice
expert
3:00remaining
How should you handle password reset securely in a Supabase email/password system?

Which approach follows best security practices for password reset flows in Supabase?

ASend a time-limited, single-use password reset link to the user's verified email address.
BSend the user's current password in plain text via email for convenience.
CAllow password reset without email verification to speed up the process.
DReset the password automatically when the user clicks a link without any token.
Attempts:
2 left
💡 Hint

Consider how to prevent unauthorized password changes.