django-graphene-auth 1.1.1

Graphql and relay authentication with Graphene for Django.

Django Graphene Auth

Django GraphQL registration and authentication compatible with the latest versions of Django, Django GraphQL JWT

About

This project was based on the forked repository from Django GraphQL Auth - created by Pedro Bern (thanks so much for a great job).

The reason I decided to create this project is that the original doesn't support the newer versions of django, graphene-django and django-graphql-jwt. Futhermore, it appears that the original one will not be further developed in the near future.

Documentation

Documentation is available at read the docs.

Features

• Docs
• Fully compatible with Relay
• Works with default or custom user model
• JWT authentication (with Django GraphQL JWT)
• User query with filters (with Django Filter and Graphene Django)
• User registration with email verification
• Add secondary email, with email verification too
• Resend activation email
• Retrieve/Update user
• Archive user
• Permanently delete user or make it inactive
• Turn archived user active again on login
• Track user status (archived, verified, secondary email)
• Password change
• Password reset through email
• Revoke user refresh tokens on account archive/delete/password change/reset
• All mutations return success and errors
• Default email templates (you will customize though)
• Customizable, no lock-in

Full Schema

import graphene

from graphql_auth.schema import UserQuery, MeQuery
from graphql_auth import mutations

class AuthMutation(graphene.ObjectType):
    register = mutations.Register.Field()
    verify_account = mutations.VerifyAccount.Field()
    resend_activation_email = mutations.ResendActivationEmail.Field()
    send_password_reset_email = mutations.SendPasswordResetEmail.Field()
    password_reset = mutations.PasswordReset.Field()
    password_set = mutations.PasswordSet.Field() # For passwordless registration
    password_change = mutations.PasswordChange.Field()
    update_account = mutations.UpdateAccount.Field()
    archive_account = mutations.ArchiveAccount.Field()
    delete_account = mutations.DeleteAccount.Field()
    send_secondary_email_activation =  mutations.SendSecondaryEmailActivation.Field()
    verify_secondary_email = mutations.VerifySecondaryEmail.Field()
    swap_emails = mutations.SwapEmails.Field()
    remove_secondary_email = mutations.RemoveSecondaryEmail.Field()

    # django-graphql-jwt inheritances
    token_auth = mutations.ObtainJSONWebToken.Field()
    verify_token = mutations.VerifyToken.Field()
    refresh_token = mutations.RefreshToken.Field()
    revoke_token = mutations.RevokeToken.Field()


class Query(UserQuery, MeQuery, graphene.ObjectType):
    pass


class Mutation(AuthMutation, graphene.ObjectType):
    pass


schema = graphene.Schema(query=Query, mutation=Mutation)

Relay

Import mutations from the relay module:

from graphql_auth import relay

class AuthMutation(graphene.ObjectType):
   register = relay.Register.Field()
   # ...

Example

Handling user accounts becomes super easy.

mutation {
  register(
    email: "new_user@email.com",
    username: "new_user",
    password1: "123456super",
    password2: "123456super",
  ) {
    success,
    token,  # optional, depending on settings of GRAPHQL_AUTH['ALLOW_LOGIN_NOT_VERIFIED']
    refreshToken  # optional, depending on settings of GRAPHQL_JWT['JWT_LONG_RUNNING_REFRESH_TOKEN']
  }
}

Check the status of the new user:

u = UserModel.objects.last()
u.status.verified
# False

During the registration, an email with a verification link was sent.

mutation {
  verifyAccount(
    token:"<TOKEN ON EMAIL LINK>",
  ) {
    success
  }
}

Now user is verified.

u.status.verified
# True

Check the installation guide. Or if you prefer, browse the api.