Skip to main content

Strawberry-graphql port of the graphene-django-jwt package

Project description

Strawberry Django JWT

PyPI - Downloads GitHub commit activity GitHub last commit

JSON Web Token authentication for Strawberry Django GraphQL


Disclaimer

This project is a forked version of Django GraphQL JWT that substitutes Graphene GraphQL backend for Strawberry


Installation

  1. Install last stable version from Pypi:

    pip install strawberry-django-jwt
    
  2. Add AuthenticationMiddleware middleware to your MIDDLEWARE settings:

    MIDDLEWARE = [
        ...,
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        ...,
    ]
    
  3. Add JSONWebTokenMiddleware or AsyncJSONWebTokenMiddleware middleware to your STRAWBERRY schema definition:

    from strawberry_django_jwt.middleware import JSONWebTokenMiddleware, AsyncJSONWebTokenMiddleware
    from strawberry import Schema
    
    schema = Schema(...)
    schema.middleware.extend([
         # !! IMPORTANT !!
         # Pick only one, async middleware is needed when using AsyncGraphQLSchema
         JSONWebTokenMiddleware(),
         AsyncJSONWebTokenMiddleware(),
    ])
    
  4. Add JSONWebTokenBackend backend to your AUTHENTICATION_BACKENDS:

    AUTHENTICATION_BACKENDS = [
        'strawberry_django_jwt.backends.JSONWebTokenBackend',
        'django.contrib.auth.backends.ModelBackend',
    ]
    
  5. Add strawberry-django-jwt mutations to the root schema:

    import strawberry
    import strawberry_django_jwt.mutations as jwt_mutations
    
    @strawberry.type
    class Mutation:
        token_auth = jwt_mutations.ObtainJSONWebToken.obtain
        verify_token = jwt_mutations.Verify.verify
        refresh_token = jwt_mutations.Refresh.refresh
        delete_token_cookie = jwt_mutations.DeleteJSONWebTokenCookie.delete_cookie
    
    
    schema = strawberry.Schema(mutation=Mutation, query=...)
    
  6. [OPTIONAL] Set up the custom Strawberry views

    These views set the status code of failed authentication attempts to 401 instead of the default 200.

    from django.urls import re_path
    from strawberry_django_jwt.decorators import jwt_cookie
    from strawberry_django_jwt.views import StatusHandlingGraphQLView as GQLView
    from ... import schema
    
    urlpatterns += \
     [
         re_path(r'^graphql/?$', jwt_cookie(GQLView.as_view(schema=schema))),
     ]
    

    or, for async views:

    from django.urls import re_path
    from strawberry_django_jwt.decorators import jwt_cookie
    from strawberry_django_jwt.views import AsyncStatusHandlingGraphQLView as AGQLView
    from ... import schema
    
    urlpatterns += \
     [
         re_path(r'^graphql/?$', jwt_cookie(AGQLView.as_view(schema=schema))),
     ]
    

Quickstart Documentation

===============Work in Progress===============

Relay support has been temporarily removed due to lack of experience with Relay

Most of the features are conceptually the same as those provided by Django GraphQL JWT

Authenticating fields

Fields can be set to auth-only using the login_required decorator in combination with strawberry.field or via login_field

import strawberry
from strawberry.types import Info
from strawberry_django_jwt.decorators import login_required


def auth_field(fn=None):
    return strawberry.field(login_required(fn))


@strawberry.type
class Query:
    @auth_field
    def hello(self, info: Info) -> str:
        return "World"

    @strawberry.field
    @login_required
    def foo(self, info: Info) -> str:
        return "Bar"

Please note the info argument, without which strawberry would not provide the context info required for authentication.

Mixin info injection

An alternative approach to this problem is following:

import strawberry
from strawberry.types import Info
from strawberry_django_jwt.decorators import login_required, login_field
from strawberry_django_jwt.mixins import RequestInfoMixin


@strawberry.type
class Query(RequestInfoMixin):
    @login_field
    def hello(self) -> str:
        # self == { 'info': ... } in this case
        return "World"

    @strawberry.field
    @login_required
    def foo(self) -> str:
        # self == { 'info': ... } in this case
        return self.get("info").field_name

    @strawberry.field
    @login_required
    def explicit_foo(self, info: Info) -> str:
        # self == { } in this case
        return info.field_name

RequestInfoMixin automatically injects info arguments to all fields in the class.

All function arguments that are not present in the definition will be added by the login_required decorator to the self dictionary as kwargs.

Async views

Should be fully supported :)

import strawberry
from strawberry_django_jwt.decorators import login_field
from strawberry_django_jwt.mixins import RequestInfoMixin


@strawberry.type
class Query(RequestInfoMixin):
    @login_field
    async def foo(self) -> str:
        return "bar"

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Built Distribution

File details

Details for the file strawberry-django-jwt-0.1.1.dev1624316051.tar.gz.

File metadata

File hashes

Hashes for strawberry-django-jwt-0.1.1.dev1624316051.tar.gz
Algorithm Hash digest
SHA256 d902371c119772ccfda7b4fbe3e21de2f00fb7a2cbf42a8d7098778e143af30b
MD5 3a5a3e0932217153b064b1e1664fd244
BLAKE2b-256 fc0c9a0667c5ad9c12275dfc4d1afb1441448863557cb049a18d3cf194d1776a

See more details on using hashes here.

File details

Details for the file strawberry_django_jwt-0.1.1.dev1624316051-py3-none-any.whl.

File metadata

File hashes

Hashes for strawberry_django_jwt-0.1.1.dev1624316051-py3-none-any.whl
Algorithm Hash digest
SHA256 e28a0ccc9d4f42f965b8c7b0f44b35da228735ebd0dedf32be620940937daac7
MD5 ec3622e0f0a95eb9505e39de9ca982e8
BLAKE2b-256 2b480c03abb45f5c1a689d5414c6cba1a2a8529e99949d885b27de547f809498

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page