All-in-One JWT Authentication plugin for Strawberry
Project description
Chowkidar
A simple, straight-forward JWT authentication plugin for your Django Strawberry GraphQL APIs.
Installation
- Install the package from PyPI:
pip install chowkidar-strawberry
- Add
chowkidar_strawberry
to yourINSTALLED_APPS
:
INSTALLED_APPS = [
...
"chowkidar",
]
- Add
chowkidar.extensions.JWTAuthExtension
to your strawberry schema extensions:-
from chowkidar.extension import JWTAuthExtension
schema = strawberry.Schema(
query=Query,
mutation=Mutation,
extensions=[JWTAuthExtension],
)
- Wrap your Strawberry GraphQL view with
chowkidar.view.auth_enabled_view
:
from chowkidar.view import auth_enabled_view
urlpatterns = [
...
path(
"graphql/",
auth_enabled_view(
GraphQLView.as_view(schema=schema, graphiql=settings.DEBUG)
)
),
]
How it Works?
- Uses short-lived stateless JWT Access Token set as cookie to authenticate users. An additional, long-running stateful JWT Refresh Token, that is recorded in RefreshToken model, is also generated to automatically to allow refreshing / generating new access token when expired. This process is fully managed automatically at the backend. For issuing new access token using a existing refresh token, the refresh token is validated against the DB. For all other requests, the DB is not hit, but access key is simply validated against its key.
settings.py
enlists various configuration options for this plugin. The default values are set to work out of the box with minimal configuration. You can override these values in your project'ssettings.py
to customize the behavior.- Uses a custom Strawberry Extension to read JWT cookies from the
request, for validation, and auto issuing new access token using refresh token when available. Also sets up
info.context.userID
for easy access to the authenticated user's ID in resolvers. This extension is valid throughout the resolving period of the GraphQL request, although auth is processed before actual query execution. This is defined inextensions.py
. - Uses a wrapper function that wraps the GraphQLView to manage cookies. Data for the cookies is sent to this function
via setting custom attribute in
request
object fromextensions.py
. This function executes after GraphQL has been fully processed and http response is ready. This is defined inview.py
. - Consumer applications can custom write login/logout mutations, by wrapping those with
@issue_tokens_on_login
and@revoke_tokens_on_logout
decorators. These are defined inwrappers.py
- Consumer APIs can decorate auth requiring resolvers with
@login_required
(or@resolve_user
), as well as get get the ID of the requesting user frominfo.context.userID
. The decorators are defined indecorators.py
.
Acknowledgement
This project is inspired by django-graphql-jwt & django-graphql-social-auth by flavors, and is loosely forked from its implementation.
License
This project is licensed under the GNU General Public License V3.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file chowkidar-strawberry-0.1.1.tar.gz
.
File metadata
- Download URL: chowkidar-strawberry-0.1.1.tar.gz
- Upload date:
- Size: 23.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.9.13
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c5d9ae2a79ba1cca665c91e51afc91e22a88cc0fec027adbebc636d1ec506907 |
|
MD5 | a50e5887649e32450794fffa8c3657d9 |
|
BLAKE2b-256 | ac8b51ede6b1c05379af844a8ba94e160ea0b31c7ad09e75ad49a69e9fd02998 |