Strawberry-graphql port of the graphene-django-jwt package
Project description
Strawberry Django JWT
JSON Web Token authentication for Strawberry Django GraphQL
Disclaimer
This project is a forked version of Django GraphQL JWT that substitutes Graphene GraphQL backend for Strawberry
Installation
-
Install last stable version from Pypi:
pip install strawberry-django-jwt
-
Add
AuthenticationMiddleware
middleware to your MIDDLEWARE settings:MIDDLEWARE = [ ..., 'django.contrib.auth.middleware.AuthenticationMiddleware', ..., ]
-
Add
JSONWebTokenMiddleware
orAsyncJSONWebTokenMiddleware
middleware to your STRAWBERRY schema definition:from strawberry_django_jwt.middleware import JSONWebTokenMiddleware, AsyncJSONWebTokenMiddleware from strawberry import Schema schema = Schema(...) schema.middleware.extend([ # !! IMPORTANT !! # Pick only one, async middleware is needed when using AsyncGraphQLSchema JSONWebTokenMiddleware(), AsyncJSONWebTokenMiddleware(), ])
-
Add
JSONWebTokenBackend
backend to your AUTHENTICATION_BACKENDS:AUTHENTICATION_BACKENDS = [ 'strawberry_django_jwt.backends.JSONWebTokenBackend', 'django.contrib.auth.backends.ModelBackend', ]
-
Add strawberry-django-jwt mutations to the root schema:
import strawberry import strawberry_django_jwt.mutations as jwt_mutations @strawberry.type class Mutation: token_auth = jwt_mutations.ObtainJSONWebToken.obtain verify_token = jwt_mutations.Verify.verify refresh_token = jwt_mutations.Refresh.refresh delete_token_cookie = jwt_mutations.DeleteJSONWebTokenCookie.delete_cookie
schema = strawberry.Schema(mutation=Mutation, query=...)
-
[OPTIONAL] Set up the custom Strawberry views
These views set the status code of failed authentication attempts to 401 instead of the default 200.
from django.urls import re_path from strawberry_django_jwt.decorators import jwt_cookie from strawberry_django_jwt.views import StatusHandlingGraphQLView as GQLView from ... import schema urlpatterns += \ [ re_path(r'^graphql/?$', jwt_cookie(GQLView.as_view(schema=schema))), ]
or, for async views:
from django.urls import re_path from strawberry_django_jwt.decorators import jwt_cookie from strawberry_django_jwt.views import AsyncStatusHandlingGraphQLView as AGQLView from ... import schema urlpatterns += \ [ re_path(r'^graphql/?$', jwt_cookie(AGQLView.as_view(schema=schema))), ]
Known Issues
-
JWT_ALLOW_ANY_CLASSES
-
Only supports return-type based filtering at the moment, because strawberry does not use class-based field definitions (so all superclasses are dropped)
-
It might be possible to create a workaround by using either a class decorator or by creating a custom graphql scheme that somehow preserves class hierarchy of types
-
Quickstart Documentation
===============Work in Progress===============
Relay support has been temporarily removed due to lack of experience with Relay
Most of the features are conceptually the same as those provided by Django GraphQL JWT
Authenticating Fields
Fields can be set to auth-only using the login_required
decorator in combination with strawberry.field
or
via login_field
import strawberry
from strawberry.types import Info
from strawberry_django_jwt.decorators import login_required
def auth_field(fn=None):
return strawberry.field(login_required(fn))
@strawberry.type
class Query:
@auth_field
def hello(self, info: Info) -> str:
return "World"
@strawberry.field
@login_required
def foo(self, info: Info) -> str:
return "Bar"
Please note the info argument, without which strawberry would not provide the context info required for authentication.
Mixin Info Injection
An alternative approach to this problem is following:
import strawberry
from strawberry.types import Info
from strawberry_django_jwt.decorators import login_required, login_field
from strawberry_django_jwt.mixins import RequestInfoMixin
@strawberry.type
class Query(RequestInfoMixin):
@login_field
def hello(self) -> str:
# self == { 'info': ... } in this case
return "World"
@strawberry.field
@login_required
def foo(self) -> str:
# self == { 'info': ... } in this case
return self.get("info").field_name
@strawberry.field
@login_required
def explicit_foo(self, info: Info) -> str:
# self == { } in this case
return info.field_name
RequestInfoMixin
automatically injects info arguments to all fields in the class.
All function arguments that are not present in the definition will be added by the login_required
decorator to
the self
dictionary as kwargs.
Model Mutations
You can add the login_required decorator to them as well
import strawberry
from strawberry_django_jwt.decorators import login_required
from strawberry_django_jwt.mixins import RequestInfoMixin
from strawberry.django import mutations
@strawberry.type
class Mutation(RequestInfoMixin):
foo_create: FooType = login_required(mutations.create(FooInput))
foo_delete: FooType = login_required(mutations.update(FooPartialInput))
foo_update: FooType = login_required(mutations.delete())
Async Views
Should be fully supported :)
import strawberry
from strawberry_django_jwt.decorators import login_field
from strawberry_django_jwt.mixins import RequestInfoMixin
@strawberry.type
class Query(RequestInfoMixin):
@login_field
async def foo(self) -> str:
return "bar"
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file strawberry-django-jwt-0.1.1.dev1625157459.tar.gz
.
File metadata
- Download URL: strawberry-django-jwt-0.1.1.dev1625157459.tar.gz
- Upload date:
- Size: 28.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.7 CPython/3.8.2 Linux/5.8.0-1036-azure
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | bc7b8e7ee4c08e18992bf4f29f5b9bd0d049776c29be63a8f237dc17370d0bf7 |
|
MD5 | cfbb6a17ff8e6a9fdef56199493581a7 |
|
BLAKE2b-256 | 89e2749467127c4feea13dc78d4a1fcb931449f3c1fce61b23d8797ff4da5268 |
File details
Details for the file strawberry_django_jwt-0.1.1.dev1625157459-py3-none-any.whl
.
File metadata
- Download URL: strawberry_django_jwt-0.1.1.dev1625157459-py3-none-any.whl
- Upload date:
- Size: 49.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.1.7 CPython/3.8.2 Linux/5.8.0-1036-azure
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6a73608b71c0fa6ff6f36ceb092a0a0099dfa64e7df6fcc2d3ec406d64882229 |
|
MD5 | 1d78bc01a22f27c8b37e61eac534d5c5 |
|
BLAKE2b-256 | 20c71d535fa914f5d806f7968b6f83f9418ab4ff38bf7c8b394ed3a9f5eef551 |