JSON Web Token for GraphQL

JSON Web Token authentication for Django GraphQL

Dependencies

  • Python ≥ 3.4

  • Django ≥ 1.11

Installation

Install the latest stable version from PyPI.

pip install django-graphql-jwt

Include the JWT middleware in your MIDDLEWARE settings:

MIDDLEWARE = [
    ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'graphql_jwt.middleware.JWTMiddleware',
    ...
]

Include the JWT backend in your AUTHENTICATION_BACKENDS settings:

AUTHENTICATION_BACKENDS = [
    'graphql_jwt.backends.JWTBackend',
    'django.contrib.auth.backends.ModelBackend',
]

Login

Create a LogIn mutation to authenticate the user.

from django.contrib.auth import authenticate, login

import graphene
from graphql_jwt.shortcuts import get_token


class LogIn(graphene.Mutation):
    token = graphene.String()

    class Arguments:
        username = graphene.String()
        password = graphene.String()

    @classmethod
    def mutate(cls, root, info, username, password):
        user = authenticate(username=username, password=password)

        if user is None:
            raise Exception('Please enter a correct username and password')

        if not user.is_active:
            raise Exception('It seems your account has been disabled')

        login(info.context, user)
        return cls(token=get_token(user))

Add the LogIn mutation to your GraphQL schema.

import graphene


class Mutations(graphene.ObjectType):
    login = LogIn.Field()


schema = graphene.Schema(mutation=Mutations)

Verify and refresh token

Add mutations to the root schema.

import graphene
import graphql_jwt


class Mutations(graphene.ObjectType):
    verify_token = graphql_jwt.Verify.Field()
    refresh_token = graphql_jwt.Refresh.Field()

Use verifyToken to confirm that the JWT is valid.

mutation VerifyToken($token: String!) {
  verifyToken(token: $token) {
    payload
  }
}

Use refreshToken to obtain a brand new token with a renewed expiration time. Only non-expired tokens can be refreshed.

mutation RefreshToken($token: String!) {
  refreshToken(token: $token) {
    token
    payload
  }
}

Environment variables

JWT_ALGORITHM

Algorithm for cryptographic signing
Default: HS256

JWT_AUDIENCE

Identifies the recipients that the JWT is intended for
Default: None

JWT_ISSUER

Identifies the principal that issued the JWT
Default: None

JWT_LEEWAY

Leeway for accepting an expiration time that is in the past, but not by much
Default: seconds=0

JWT_SECRET_KEY

The secret key used to sign the JWT
Default: settings.SECRET_KEY

JWT_VERIFY

Secret key verification
Default: True

JWT_VERIFY_EXPIRATION

Expiration time verification
Default: False

JWT_EXPIRATION_DELTA

Timedelta added to utcnow() to set the expiration time
Default: minutes=5

JWT_ALLOW_REFRESH

Enable token refresh
Default: True

JWT_REFRESH_EXPIRATION_DELTA

Limit on token refresh
Default: days=7

JWT_AUTH_HEADER_PREFIX

Authorization prefix
Default: JWT
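
Added example (not part of django-graphql-jwt or its README): a standard-library sketch of HS256 verification that shows what the expiration and leeway settings above control. In this sketch a token past its exp is still accepted when expiration checking is off, the default listed for JWT_VERIFY_EXPIRATION. The function names, parameters, key and token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(secret, signed_part):
    return hmac.new(secret, signed_part.encode(), hashlib.sha256).digest()


def sign(payload, secret):
    """Issue an HS256 token (HS256 is the default JWT_ALGORITHM)."""
    header = {"alg": "HS256", "typ": "JWT"}
    part = ".".join(_b64(json.dumps(p).encode()) for p in (header, payload))
    return part + "." + _b64(_mac(secret, part))


def verify(token, secret, now, verify_expiration, leeway=0):
    """Return the payload, or raise ValueError (malformed, forged, expired)."""
    head, body, sig = token.split(".")  # ValueError unless exactly 3 parts
    header = json.loads(_unb64(head))
    # Pin the algorithm; never let the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(_unb64(sig), _mac(secret, head + "." + body)):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(body))
    # These two play the roles of JWT_VERIFY_EXPIRATION and JWT_LEEWAY.
    if verify_expiration and now > payload.get("exp", 0) + leeway:
        raise ValueError("token expired")
    return payload


SECRET = b"constructed-example-secret"  # constructed sample key
STALE = sign({"username": "alice", "exp": 1000}, SECRET)  # exp at t=1000


def accepted(now, **settings):
    try:
        return bool(verify(STALE, SECRET, now, **settings))
    except ValueError:
        return False
```

Calling accepted(4600, verify_expiration=False) returns True for a token an hour past its exp, while the same call with verify_expiration=True returns False.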

Source Distribution

django-graphql-jwt-0.1.2.tar.gz (12.8 kB)

Built Distribution

django_graphql_jwt-0.1.2-py2.py3-none-any.whl (11.5 kB)