or run

npx @tessl/cli init
Log in

Version

Files

evals

scenario-1

rubric.jsontask.md
tile.json

task.mdevals/scenario-1/

Multi-Environment OAuth Authentication System

Build an authentication server that supports Google OAuth login across multiple deployment environments (development, staging, production) with environment-specific callback URLs.

Requirements

Your solution must:

  1. Create an Express.js server with Google OAuth 2.0 authentication
  2. Support three environments: development, staging, and production
  3. Use environment-specific callback URLs:
    • Development: http://localhost:3000/auth/google/callback
    • Staging: https://staging.example.com/auth/google/callback
    • Production: https://example.com/auth/google/callback
  4. Determine the current environment from process.env.NODE_ENV (defaults to development)
  5. Configure authentication to use the appropriate callback URL for the current environment
  6. Implement the following routes:
    • GET /auth/google - Initiates Google OAuth flow
    • GET /auth/google/callback - Handles OAuth callback
    • GET /profile - Protected route showing authenticated user info
    • GET / - Home page displaying current environment and authentication status
  7. On successful authentication, redirect to /profile
  8. On failed authentication, redirect to / with error information

Test Cases

@test Development Environment Callback

When NODE_ENV is set to development, the authentication strategy should use http://localhost:3000/auth/google/callback as the callback URL.

Test steps:

  1. Set NODE_ENV=development
  2. Initialize the authentication strategy
  3. Verify the callback URL is http://localhost:3000/auth/google/callback

@test Staging Environment Callback

When NODE_ENV is set to staging, the authentication strategy should use https://staging.example.com/auth/google/callback as the callback URL.

Test steps:

  1. Set NODE_ENV=staging
  2. Initialize the authentication strategy
  3. Verify the callback URL is https://staging.example.com/auth/google/callback

@test Production Environment Callback

When NODE_ENV is set to production, the authentication strategy should use https://example.com/auth/google/callback as the callback URL.

Test steps:

  1. Set NODE_ENV=production
  2. Initialize the authentication strategy
  3. Verify the callback URL is https://example.com/auth/google/callback

Implementation Files

Create the following files:

  • server.js - Main Express server with OAuth configuration
  • server.test.js - Test file containing the test cases above

Dependencies { .dependencies }

passport-google-oauth { .dependency }

Provides Google OAuth 2.0 authentication strategy for authenticating users.

express { .dependency }

Web framework for creating the HTTP server and handling routes.

express-session { .dependency }

Session middleware for managing user sessions after authentication.

Notes

  • Use placeholder values for clientID and clientSecret (e.g., 'YOUR_CLIENT_ID', 'YOUR_CLIENT_SECRET')
  • The verify callback should accept user profile and call done with a user object
  • Implement proper session serialization and deserialization
  • Ensure the server properly initializes passport middleware