or run

npx @tessl/cli init
Log in

Version

Files

evals

scenario-7

rubric.jsontask.md
tile.json

task.mdevals/scenario-7/

Google OAuth Login with Error Handling

Build a web application that implements Google OAuth 2.0 authentication with comprehensive error handling and proper failure management.

Requirements

Your application should provide the following functionality:

Authentication Flow

Implement Google OAuth 2.0 authentication that:

  • Redirects unauthenticated users to a login page
  • Initiates Google OAuth authentication when the user clicks "Login with Google"
  • Handles the OAuth callback from Google
  • Creates or retrieves user records after successful authentication
  • Redirects authenticated users to a protected dashboard page

Error Handling

Implement robust error handling that:

  • Catches and handles OAuth errors during the authentication process
  • Distinguishes between different types of authentication failures (access denied, invalid credentials, network errors, etc.)
  • Redirects users to an error page with appropriate error messages on authentication failure
  • Logs all authentication errors with sufficient detail for debugging purposes
  • Returns user-friendly error messages that don't expose sensitive implementation details

Protected Routes

Create the following routes:

  • GET / - Landing page with a "Login with Google" link
  • GET /auth/google - Initiates Google OAuth authentication
  • GET /auth/google/callback - Handles OAuth callback from Google
  • GET /dashboard - Protected route that displays user information (requires authentication)
  • GET /error - Error page that displays authentication error messages
  • GET /logout - Logs out the user and redirects to the landing page

Test Cases

  • When a user successfully authenticates with Google, they are redirected to the dashboard page displaying their profile information @test
  • When a user denies access during Google OAuth, they are redirected to the error page with a message indicating access was denied @test
  • When invalid OAuth credentials are provided in configuration, authentication fails and the error is logged appropriately @test
  • When accessing the dashboard without authentication, the user is redirected to the login page @test

Implementation

@generates

API

/**
 * Express application with Google OAuth authentication
 * and comprehensive error handling
 */

// Main application routes
app.get('/', handleLandingPage);
app.get('/auth/google', initiateGoogleAuth);
app.get('/auth/google/callback', handleGoogleCallback);
app.get('/dashboard', requireAuth, handleDashboard);
app.get('/error', handleError);
app.get('/logout', handleLogout);

/**
 * Middleware to check if user is authenticated
 */
function requireAuth(req, res, next) {
  // Implementation here
}

/**
 * Handler for landing page
 */
function handleLandingPage(req, res) {
  // Implementation here
}

/**
 * Handler for initiating Google OAuth
 */
function initiateGoogleAuth(req, res, next) {
  // Implementation here
}

/**
 * Handler for Google OAuth callback
 */
function handleGoogleCallback(req, res, next) {
  // Implementation here
}

/**
 * Handler for protected dashboard
 */
function handleDashboard(req, res) {
  // Implementation here
}

/**
 * Handler for error page
 */
function handleError(req, res) {
  // Implementation here
}

/**
 * Handler for logout
 */
function handleLogout(req, res) {
  // Implementation here
}

module.exports = app;

Configuration

Your application should read OAuth credentials from environment variables:

  • GOOGLE_CLIENT_ID - Google OAuth 2.0 client ID
  • GOOGLE_CLIENT_SECRET - Google OAuth 2.0 client secret
  • CALLBACK_URL - OAuth callback URL (default: http://localhost:3000/auth/google/callback)

Dependencies { .dependencies }

passport-google-oauth { .dependency }

Provides Google OAuth 2.0 authentication strategy for Passport.js, including error handling capabilities for authentication failures.

passport { .dependency }

Authentication middleware for Node.js that provides the framework for implementing OAuth strategies.

express { .dependency }

Web application framework for handling HTTP requests and routing.

express-session { .dependency }

Session middleware for Express to maintain user authentication state across requests.