
OAuth providers (Google, GitHub) in Supabase - Practice Problems & Coding Challenges

Challenge - 5 Problems
service_behavior
intermediate
OAuth Sign-in Flow Behavior

When a user signs in using Google OAuth via Supabase, what is the expected behavior immediately after successful authentication?

A. The user must manually refresh the page to complete sign-in.
B. The user is redirected to the callback URL with an access token in the URL fragment.
C. The user receives an email with a verification link before access is granted.
D. The user is redirected to the homepage without any token or session information.
💡 Hint

Think about how OAuth typically returns tokens after authentication.

Configuration
intermediate
Configuring GitHub OAuth in Supabase

Which of the following is required to configure GitHub OAuth provider in Supabase?

A. GitHub OAuth redirect URI set to 'https://github.com/login/oauth/authorize'.
B. GitHub username and password for API access.
C. GitHub Client ID and Client Secret from GitHub Developer Settings.
D. A personal access token with repo permissions.
💡 Hint

Consider what OAuth apps require to identify themselves.

security
advanced
Preventing OAuth Redirect URI Mismatch

What is the most secure way to avoid redirect URI mismatch errors when configuring OAuth providers in Supabase?

A. Set the redirect URI to 'http://localhost' for all environments.
B. Use a wildcard redirect URI like 'https://*.example.com/callback' to allow all subdomains.
C. Leave the redirect URI blank to accept any redirect URI during OAuth flow.
D. Set the redirect URI in the OAuth provider settings exactly to the Supabase callback URL used by your app.
💡 Hint

Redirect URIs must match exactly for security reasons.

Architecture
advanced
OAuth Token Storage Best Practice

After a user signs in with GitHub OAuth in a Supabase app, where should the access token be stored to maintain security and usability?

A. Store the access token securely in an HttpOnly cookie to prevent JavaScript access.
B. Store the access token in localStorage for easy access by client scripts.
C. Embed the access token in the URL query parameters for sharing.
D. Store the access token in a global JavaScript variable.
💡 Hint

Think about how to protect tokens from cross-site scripting attacks.

🧠 Conceptual
expert
OAuth Provider Scope Impact

How does changing the OAuth scope in GitHub provider settings affect the Supabase authentication process?

A. It changes the permissions requested from the user, affecting what data the app can access after sign-in.
B. It changes the user's password requirements during sign-in.
C. It modifies the OAuth redirect URI dynamically during authentication.
D. It disables multi-factor authentication for the user.
💡 Hint

Scopes define what the app can do on behalf of the user.