JSON Web Token for GraphQL

Project description

JSON Web Token authentication for Django GraphQL

Dependencies

  • Python ≥ 3.4

  • Django ≥ 1.11

Installation

Install the latest stable version from PyPI.

pip install django-graphql-jwt

Include the JSONWebTokenMiddleware middleware in your MIDDLEWARE settings:

MIDDLEWARE = [
    ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'graphql_jwt.middleware.JSONWebTokenMiddleware',
    ...
]

Include the JSONWebTokenBackend backend in your AUTHENTICATION_BACKENDS settings:

AUTHENTICATION_BACKENDS = [
    'graphql_jwt.backends.JSONWebTokenBackend',
    'django.contrib.auth.backends.ModelBackend',
]

Schema

Add mutations to the root schema.

import graphene
import graphql_jwt


class Mutations(graphene.ObjectType):
    token_auth = graphql_jwt.ObtainJSONWebToken.Field()
    verify_token = graphql_jwt.Verify.Field()
    refresh_token = graphql_jwt.Refresh.Field()

schema = graphene.Schema(mutation=Mutations)

  • tokenAuth to authenticate the user and obtain the JSON Web Token.

The mutation uses your User’s model USERNAME_FIELD, which by default is username.

mutation TokenAuth($username: String!, $password: String!) {
  tokenAuth(username: $username, password: $password) {
    token
  }
}

  • verifyToken to confirm that the token is valid.

mutation VerifyToken($token: String!) {
  verifyToken(token: $token) {
    payload
  }
}

  • refreshToken to obtain a brand new token with renewed expiration time for non-expired tokens.

Configure your refresh token scenario (see the project wiki) and set the flag JWT_VERIFY_EXPIRATION=true.

mutation RefreshToken($token: String!) {
  refreshToken(token: $token) {
    token
    payload
  }
}

Relay

Complete support for Relay.

import graphene
import graphql_jwt


class Mutations(graphene.ObjectType):
    token_auth = graphql_jwt.relay.ObtainJSONWebToken.Field()
    verify_token = graphql_jwt.relay.Verify.Field()
    refresh_token = graphql_jwt.relay.Refresh.Field()

Customizing

To customize the ObtainJSONWebToken behavior, override the .do_auth() method on a subclass of JSONWebTokenMutation or .relay.JSONWebTokenMutation.

import graphene
import graphql_jwt


class ObtainJSONWebToken(graphql_jwt.JSONWebTokenMutation):
    # UserType is your project's own graphene type for the user model
    user = graphene.Field(UserType)

    @classmethod
    def do_auth(cls, info):
        return cls(user=info.context.user)

Authenticate the user and obtain the token and the user id.

mutation TokenAuth($username: String!, $password: String!) {
  tokenAuth(username: $username, password: $password) {
    token
    user {
      id
    }
  }
}

Environment variables

JWT_ALGORITHM

Algorithm for cryptographic signing
Default: HS256

JWT_AUDIENCE

Identifies the recipients that the JWT is intended for
Default: None

JWT_ISSUER

Identifies the principal that issued the JWT
Default: None

JWT_LEEWAY

Leeway for accepting an expiration time that is in the past, but not by much
Default: seconds=0

JWT_SECRET_KEY

The secret key used to sign the JWT
Default: settings.SECRET_KEY

JWT_VERIFY

Secret key verification
Default: True

JWT_VERIFY_EXPIRATION

Expiration time verification
Default: False

JWT_EXPIRATION_DELTA

Timedelta added to utcnow() to set the expiration time
Default: minutes=5

JWT_ALLOW_REFRESH

Enable token refresh
Default: True

JWT_REFRESH_EXPIRATION_DELTA

Limit on token refresh
Default: days=7

JWT_AUTH_HEADER_PREFIX

Authorization prefix
Default: JWT
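
How signature checking, JWT_VERIFY_EXPIRATION, JWT_LEEWAY and JWT_EXPIRATION_DELTA interact, as an added example that is not django-graphql-jwt's own code: a standard-library HS256 signer and verifier whose defaults mirror the ones listed above. The function names, key and timestamps are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(signing_input: str, key: bytes) -> str:
    return _b64(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())


def issue(payload: dict, key: bytes, now: int, expiration_delta: int = 300) -> str:
    """HS256 token with exp = now + expiration_delta (listed default: 5 minutes)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({**payload, "exp": now + expiration_delta}).encode())
    return f"{header}.{body}.{_mac(header + '.' + body, key)}"


def decode(token: str, key: bytes, now: int,
           verify_expiration: bool = False, leeway: int = 0) -> dict:
    """Always checks the signature; checks exp only if verify_expiration is True."""
    header, body, signature = token.split(".")  # ValueError on a malformed token
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pin alg, never trust the header
    expected = _mac(header + "." + body, key)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(body))
    if verify_expiration and now > payload["exp"] + leeway:
        raise ValueError("token expired")
    return payload


if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # constructed sample value
    T0 = 1_700_000_000             # constructed issue time (epoch seconds)
    token = issue({"username": "alice"}, KEY, T0)
    # One hour later the token is past exp, yet the default arguments accept it.
    print(decode(token, KEY, T0 + 3600)["username"])
    try:
        decode(token, KEY, T0 + 3600, verify_expiration=True)
    except ValueError as err:
        print("rejected:", err)
```

In this sketch the 5-minute expiration only limits a token's lifetime once expiration verification is switched on; with it off, a correctly signed token is accepted indefinitely.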

Credits to @jpadilla / django-rest-framework-jwt.

Source Distribution

django-graphql-jwt-0.1.4.tar.gz (10.9 kB view details)

Built Distribution

django_graphql_jwt-0.1.4-py2.py3-none-any.whl (14.3 kB view details)

Hashes for django-graphql-jwt-0.1.4.tar.gz
Algorithm Hash digest
SHA256 80da76428725982fc1c00d2827dbf64e1e7aef0b3355274306e5a853a97d2ee7
MD5 2f1cb16236f93e7a58c0e989551cf289
BLAKE2b-256 1399286658792a758466f864ee3dc062332afa0f9895a791080621fd92fd0964

Hashes for django_graphql_jwt-0.1.4-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 d66dce45eec6d41247a624a1afb9eac5e714dd04fb743390aff64b413dfd8887
MD5 4bb242ab0056466196892425a2cd9d06
BLAKE2b-256 87d8a819c72cb6fc25a6acd085506dbda735331e9de26c21740bf3a663bb6169
