JSON Web Token for Django GraphQL
JSON Web Token authentication for Django GraphQL
Dependencies
Django ≥ 1.11
Installation
Install the latest stable version from PyPI.
pip install django-graphql-jwt
Include the JSONWebTokenMiddleware middleware in your MIDDLEWARE settings:
MIDDLEWARE = [
...
'django.contrib.auth.middleware.AuthenticationMiddleware',
'graphql_jwt.middleware.JSONWebTokenMiddleware',
...
]
Include the JSONWebTokenBackend backend in your AUTHENTICATION_BACKENDS settings:
AUTHENTICATION_BACKENDS = [
'graphql_jwt.backends.JSONWebTokenBackend',
'django.contrib.auth.backends.ModelBackend',
]
Schema
Add mutations to the root schema.
import graphene
import graphql_jwt

class Mutations(graphene.ObjectType):
    token_auth = graphql_jwt.ObtainJSONWebToken.Field()
    verify_token = graphql_jwt.Verify.Field()
    refresh_token = graphql_jwt.Refresh.Field()

# graphene.Schema takes the root mutation type through the `mutation` keyword
# (alongside your `query` type); `mutations=` is not a valid argument.
schema = graphene.Schema(mutation=Mutations)
tokenAuth authenticates the user and returns the JSON Web Token.
The mutation's credential argument is your user model's USERNAME_FIELD, which is username by default.
mutation TokenAuth($username: String!, $password: String!) {
tokenAuth(username: $username, password: $password) {
token
}
}
verifyToken to confirm that the token is valid.
mutation VerifyToken($token: String!) {
verifyToken(token: $token) {
payload
}
}
refreshToken returns a brand-new token with a renewed expiration time, for tokens that have not yet expired.
For refresh to mean anything, set JWT_VERIFY_EXPIRATION = True in your Django settings: with the default (False) the expiration claim is not checked at all, so a token is never rejected for being expired and there is nothing to refresh against.
mutation RefreshToken($token: String!) {
refreshToken(token: $token) {
token
payload
}
}
Authentication in GraphQL queries
To access the protected API, send the token in the Authorization: JWT <token> header (the prefix is configurable through JWT_AUTH_HEADER_PREFIX).
django-graphql-jwt uses the middleware to attach the authenticated user to the request object. The simple, raw way to limit access to data is to check info.context.user.is_authenticated in the resolver:
import graphene

# UserType is the graphene type you expose for your user model
# (for example a graphene_django DjangoObjectType); it is not defined here.

class Query(graphene.ObjectType):
    viewer = graphene.Field(UserType)

    def resolve_viewer(self, info, **kwargs):
        user = info.context.user
        if not user.is_authenticated:
            raise Exception('Authentication credentials were not provided')
        return user
As a shortcut, you can use the login_required() decorator on your queries and mutations; it raises the same error when the request carries no authenticated user:
import graphene
from graphql_jwt.decorators import login_required

class Query(graphene.ObjectType):
    viewer = graphene.Field(UserType)

    @login_required
    def resolve_viewer(self, info, **kwargs):
        return info.context.user
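The chain described above (Authorization header, middleware, resolver guard) can be followed end to end without Django. The block below is an added example, not code from django-graphql-jwt: it models how the middleware turns a request into a context whose user is either the token's user or anonymous, and how a login_required-style decorator guards a resolver. Assumptions: header parsing matches the behaviour the page describes (prefix JWT, one token, prefix compared case-insensitively); an invalid token is treated as an error rather than as an anonymous request; the names token_from_header, build_context, User, AnonymousUser, AuthenticationError and demo_authenticate are this example's own, and the token table is constructed data standing in for real signature verification.

```python
from functools import wraps
from types import SimpleNamespace

JWT_AUTH_HEADER_PREFIX = "JWT"  # the library's default prefix (see the settings section)


class AnonymousUser:
    """Stand-in for Django's AnonymousUser."""
    is_authenticated = False
    username = ""


class User:
    """Stand-in for a Django user object."""
    is_authenticated = True

    def __init__(self, username):
        self.username = username


class AuthenticationError(Exception):
    """Raised for a rejected token or an unauthenticated call to a guarded resolver."""


def token_from_header(meta, prefix=JWT_AUTH_HEADER_PREFIX):
    """Extract the token from 'Authorization: <prefix> <token>'.

    Django exposes the header as request.META['HTTP_AUTHORIZATION'].
    Returns None when the header is missing, uses another scheme (e.g. Bearer)
    or does not consist of exactly two whitespace-separated parts.
    """
    auth = meta.get("HTTP_AUTHORIZATION", "").split()
    if len(auth) != 2 or auth[0].lower() != prefix.lower():
        return None
    return auth[1]


def build_context(meta, authenticate):
    """Model of the middleware step: resolve the header to a user.

    `authenticate` maps a token to a username or None; in the real stack that is
    the JWT backend checking the signature. No header means an anonymous
    request; a present but rejected token is an error (assumption).
    """
    token = token_from_header(meta)
    if token is None:
        return SimpleNamespace(user=AnonymousUser())
    username = authenticate(token)
    if username is None:
        raise AuthenticationError("invalid token")
    return SimpleNamespace(user=User(username))


def login_required(resolver):
    """Guard a graphene-style resolver (root, info, **kwargs) on info.context.user."""
    @wraps(resolver)
    def wrapper(root, info, **kwargs):
        if not info.context.user.is_authenticated:
            raise AuthenticationError("Authentication credentials were not provided")
        return resolver(root, info, **kwargs)
    return wrapper


@login_required
def resolve_viewer(root, info, **kwargs):
    return info.context.user.username


# Constructed token table for the demo; a real backend verifies a signature instead.
DEMO_TOKENS = {"tok-alice": "alice"}


def demo_authenticate(token):
    return DEMO_TOKENS.get(token)


def viewer_for_request(meta):
    """Run the whole chain for one request: header -> user -> guarded resolver."""
    info = SimpleNamespace(context=build_context(meta, demo_authenticate))
    return resolve_viewer(None, info)


if __name__ == "__main__":
    print(viewer_for_request({"HTTP_AUTHORIZATION": "JWT tok-alice"}))
```

Note that a Bearer-prefixed header is silently treated as an anonymous request rather than an error, which is the behaviour that bites when a client library defaults to Bearer: the symptom is a permission error from the resolver, not an invalid-token error.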
Relay
Complete support for Relay.
import graphene
import graphql_jwt

class Mutations(graphene.ObjectType):
    token_auth = graphql_jwt.relay.ObtainJSONWebToken.Field()
    verify_token = graphql_jwt.relay.Verify.Field()
    refresh_token = graphql_jwt.relay.Refresh.Field()
Customizing
If you want to customize the ObtainJSONWebToken behavior, you’ll need to customize the .resolve() method on a subclass of JSONWebTokenMutation or .relay.JSONWebTokenMutation.
import graphene
import graphql_jwt

# UserType is your graphene type for the user model (not defined here).

class ObtainJSONWebToken(graphql_jwt.JSONWebTokenMutation):
    user = graphene.Field(UserType)

    @classmethod
    def resolve(cls, root, info):
        # By the time resolve() runs the credentials have been checked and the
        # authenticated user is on the request, so it can be returned alongside the token.
        return cls(user=info.context.user)
Authenticate the user and obtain the token and the user id.
mutation TokenAuth($username: String!, $password: String!) {
tokenAuth(username: $username, password: $password) {
token
user {
id
}
}
}
Settings
All of the following are read from your Django settings module and are optional; the defaults are shown.
JWT_ALGORITHM
Algorithm for cryptographic signing. Default: HS256
JWT_AUDIENCE
Identifies the recipients that the JWT is intended for (aud claim). Default: None
JWT_ISSUER
Identifies the principal that issued the JWT (iss claim). Default: None
JWT_LEEWAY
Grace period for accepting an expiration time which is in the past but not very far. Default: seconds=0
JWT_SECRET_KEY
The secret key used to sign the JWT. Default: settings.SECRET_KEY
JWT_VERIFY
Verify the token signature. Default: True
JWT_VERIFY_EXPIRATION
Verify the expiration time. Default: False
JWT_EXPIRATION_DELTA
Timedelta added to utcnow() to set the expiration time. Default: minutes=5
JWT_ALLOW_REFRESH
Enable token refresh. Default: True
JWT_REFRESH_EXPIRATION_DELTA
Limit on token refresh. Default: days=7
JWT_AUTH_HEADER_PREFIX
Authorization header prefix. Default: JWT
Two defaults deserve attention before deploying. With JWT_VERIFY_EXPIRATION left at False an expired token is still accepted, so JWT_EXPIRATION_DELTA and the refresh limit have no effect until you set it to True. And because HS256 signs with settings.SECRET_KEY by default, anyone who obtains that key can mint a valid token for any user; treat SECRET_KEY as a credential and set JWT_SECRET_KEY to a dedicated value if you rotate it separately. Setting JWT_VERIFY to False disables signature checking entirely and is only ever appropriate for local debugging.
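The verifyToken and refreshToken mutations above and this settings table together describe a token lifecycle. The block below is an added example, not code from django-graphql-jwt: it signs and checks HS256 tokens with the standard library and uses the library's setting names to decide what is verified, so the effect of each default can be exercised directly. Assumptions: the secret is a placeholder for settings.SECRET_KEY; the refresh bookkeeping claim is called orig_iat here and the library's claim name may differ; "now" is passed in as an integer so the scenarios are reproducible; DEFAULTS, SECURE and NO_VERIFY are this example's own settings profiles.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import timedelta


class JWTError(Exception):
    """Raised when a token fails the algorithm, signature, expiration or refresh checks."""


@dataclass
class JWTSettings:
    # Names and defaults follow the settings table; the checks below are this
    # example's model of what each one enables. The secret stands in for
    # settings.SECRET_KEY.
    JWT_SECRET_KEY: str = "placeholder-for-settings.SECRET_KEY"
    JWT_VERIFY: bool = True
    JWT_VERIFY_EXPIRATION: bool = False
    JWT_LEEWAY: timedelta = timedelta(seconds=0)
    JWT_EXPIRATION_DELTA: timedelta = timedelta(minutes=5)
    JWT_ALLOW_REFRESH: bool = True
    JWT_REFRESH_EXPIRATION_DELTA: timedelta = timedelta(days=7)


DEFAULTS = JWTSettings()                                                      # library defaults
SECURE = JWTSettings(JWT_VERIFY_EXPIRATION=True, JWT_LEEWAY=timedelta(seconds=10))
NO_VERIFY = JWTSettings(JWT_VERIFY=False)                                     # debugging only


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def encode(payload: dict, settings: JWTSettings, alg: str = "HS256") -> str:
    """Serialise a token. alg="none" exists only to build the classic unsigned
    forgery that decode() must reject."""
    signing_input = f"{_segment({'alg': alg, 'typ': 'JWT'})}.{_segment(payload)}"
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(settings.JWT_SECRET_KEY.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def issue_token(username: str, settings: JWTSettings, now: int) -> str:
    """What tokenAuth hands out: the USERNAME_FIELD claim, exp, and (when refresh
    is allowed) the original issue time under this example's orig_iat claim."""
    payload = {"username": username, "exp": now + int(settings.JWT_EXPIRATION_DELTA.total_seconds())}
    if settings.JWT_ALLOW_REFRESH:
        payload["orig_iat"] = now
    return encode(payload, settings)


def decode(token: str, settings: JWTSettings, now: int) -> dict:
    """What verifyToken and the authentication backend do with an incoming token."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise JWTError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise JWTError("malformed token")
    if header.get("alg") != "HS256":                 # never let the token pick the algorithm
        raise JWTError("unexpected algorithm")
    if settings.JWT_VERIFY:
        expected = hmac.new(settings.JWT_SECRET_KEY.encode(),
                            f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise JWTError("signature verification failed")
    if settings.JWT_VERIFY_EXPIRATION and now > payload["exp"] + settings.JWT_LEEWAY.total_seconds():
        raise JWTError("token expired")
    return payload


def refresh_token(token: str, settings: JWTSettings, now: int) -> str:
    """What refreshToken does: a still-valid token gets a fresh exp, but only
    within JWT_REFRESH_EXPIRATION_DELTA of the original issue time."""
    if not settings.JWT_ALLOW_REFRESH:
        raise JWTError("refresh is disabled")
    payload = decode(token, settings, now)
    orig_iat = payload.get("orig_iat")
    if orig_iat is None:
        raise JWTError("token carries no original issue time")
    if now > orig_iat + settings.JWT_REFRESH_EXPIRATION_DELTA.total_seconds():
        raise JWTError("refresh has expired")
    payload["exp"] = now + int(settings.JWT_EXPIRATION_DELTA.total_seconds())
    return encode(payload, settings)


if __name__ == "__main__":
    t0 = 1_700_000_000
    token = issue_token("alice", SECURE, t0)
    print("defaults accept a 5-minute token an hour later:", decode(token, DEFAULTS, t0 + 3600)["username"])
```

Run against the same token, the profiles show the three things worth knowing: DEFAULTS accepts a five-minute token an hour after issue because expiration is never checked, SECURE rejects it but tolerates the 10-second leeway and refreshes it with exp moved forward by JWT_EXPIRATION_DELTA, and NO_VERIFY accepts a token signed with an attacker's key while the alg-none forgery is rejected under every profile because the algorithm is fixed by the server, not the token.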
Credits to @jpadilla / django-rest-framework-jwt.
Hashes for django_graphql_jwt-0.1.8-py2.py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 9de71dbf7a37826cf394f90f83232c472b05a1d907f95dff57ff177db4f34469
MD5 | 73b3f64364fbabcfc64d3d32a272d4db
BLAKE2b-256 | cf133b9aec0627c649fa3da7147f97d6067a10e3e1a89fcdbc85598327a1f32b