or run

npx @tessl/cli init
Log in

Version

Files

evals

scenario-9

rubric.jsontask.md
tile.json

task.mdevals/scenario-9/

User Authentication Service

Build a user authentication service for a web application that implements Google OAuth 2.0 authentication with custom session handling.

Requirements

Your service should implement the following functionality:

Authentication Setup

Configure Google OAuth 2.0 authentication with the following requirements:

  • Use environment variables GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, and CALLBACK_URL for configuration
  • Request access to user profile and email information
  • Implement a verify callback that finds or creates users based on their Google profile

Session Management

Implement custom session handling with these features:

  • Create sessions only for successfully authenticated users
  • Serialize users by storing only their user ID in the session
  • Deserialize users by retrieving full user data from an in-memory user store
  • Configure the authentication to work with session-based authentication

Application Routes

Implement the following routes:

  • GET /auth/google - Initiates the Google OAuth flow
  • GET /auth/google/callback - Handles the OAuth callback
  • GET /profile - Returns the authenticated user's profile (requires authentication)
  • GET /logout - Logs out the user and destroys the session

User Storage

Maintain an in-memory store of users with the following structure:

  • User ID (unique identifier)
  • Google ID
  • Display name
  • Email address

When a user authenticates for the first time, create a new user record. For returning users, retrieve their existing record.

Test Cases

  • Accessing /profile without authentication redirects to /auth/google @test
  • After successful authentication, the user's Google ID and display name are stored correctly @test
  • User serialization stores only the user ID in the session @test
  • Logout successfully destroys the session @test

Implementation

@generates

API

/**
 * Configures and returns an Express application with Google OAuth authentication
 * and session management.
 *
 * @returns {Express.Application} Configured Express application
 */
function createAuthService() {
  // IMPLEMENTATION HERE
}

module.exports = { createAuthService };

Dependencies { .dependencies }

passport-google-oauth { .dependency }

Provides Google OAuth 2.0 authentication strategy for Passport.

passport { .dependency }

Authentication middleware for Node.js that handles authentication strategies and session integration.

express-session { .dependency }

Session middleware for Express that manages user sessions.

express { .dependency }

Web application framework for Node.js.