
Comments (4)

mongkok commented on May 27, 2024

Hi @TitanFighter :)

I think the easiest way is to send an HTTP header and configure a JWT_PAYLOAD_HANDLER in your settings.

from datetime import timedelta

from graphql_jwt.utils import jwt_payload


def custom_jwt_payload(user, context):
    # Start from the library's default payload
    payload = jwt_payload(user)

    # Django exposes a Remember-Me request header as HTTP_REMEMBER_ME
    if context.META.get('HTTP_REMEMBER_ME', False):
        payload['exp'] += timedelta(days=7)

    return payload


# settings.py
GRAPHQL_JWT = {
    'JWT_PAYLOAD_HANDLER': custom_jwt_payload,
}

So you do not need to refresh a token for 7 days + JWT_EXPIRATION_DELTA.

from django-graphql-jwt.

TitanFighter commented on May 27, 2024

Yeah... I thought about something like that.

I want to clarify: am I right that the token refresh is used for security purposes? If so, then in the case of "So you do not need to refresh a token for 7 days" we lose some level of security.

Could it be a good idea to add a Remember Me function to django-graphql-jwt with the following logic (all requests have the HTTP_REMEMBER_ME header):

  • refresh the token as usual while the REMEMBER_ME user is online;
  • allow django-graphql-jwt to refresh the token when the user comes back the next day and sends a token with an expired exp but an ok-ish orig_iat + JWT_REFRESH_EXPIRATION_DELTA (need to add a check for the presence of HTTP_REMEMBER_ME in a header);
  • when orig_iat + JWT_REFRESH_EXPIRATION_DELTA is expired, send Signature has expired.

Does it make any sense?

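The three rules proposed in the comment above, as an added example that is not part of the thread or of django-graphql-jwt: a stdlib-only HS256 token carrying `exp` and `orig_iat`, and a `refresh` function that accepts an expired token only while `orig_iat + JWT_REFRESH_EXPIRATION_DELTA` is still open. The key, the two delta values, the function names and passing remember-me as a plain argument (the example does not decide where that flag comes from) are assumptions.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"      # constructed value, not a real key
EXPIRATION_DELTA = 5 * 60             # assumed JWT_EXPIRATION_DELTA, in seconds
REFRESH_EXPIRATION_DELTA = 7 * 86400  # assumed JWT_REFRESH_EXPIRATION_DELTA, in seconds


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def sign(signing_input):
    return b64url(hmac.new(SECRET, signing_input, hashlib.sha256).digest())


def issue(username, now, orig_iat=None):
    """Sign a token; orig_iat is set at login and carried over unchanged on refresh."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"username": username, "exp": now + EXPIRATION_DELTA,
              "orig_iat": now if orig_iat is None else orig_iat}
    body = b64url(json.dumps(claims).encode())
    return b".".join((header, body, sign(header + b"." + body))).decode()


def verified_claims(token):
    """Return the claims if the signature is valid; exp is deliberately not checked."""
    header, body, sig = token.encode().split(b".")
    if not hmac.compare_digest(sig, sign(header + b"." + body)):
        raise ValueError("invalid signature")
    return json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))


def refresh(token, now, remember_me):
    """Apply the three proposed rules; return a new token or raise ValueError."""
    claims = verified_claims(token)  # signature first, time checks second
    if now >= claims["orig_iat"] + REFRESH_EXPIRATION_DELTA:
        raise ValueError("Signature has expired")  # rule 3: refresh window closed
    if now >= claims["exp"] and not remember_me:
        raise ValueError("Signature has expired")  # expired token without remember-me
    # Rule 1 (exp still valid) or rule 2 (exp passed, remember-me, window still open)
    return issue(claims["username"], now, orig_iat=claims["orig_iat"])
```

Because `orig_iat` is copied rather than reset, repeated refreshes cannot push the session past the refresh window measured from the original login.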

mongkok commented on May 27, 2024

Hi!
I think you should not refresh the token if the user selected remember me and would not use an HTTP header to bypass the refresh for security reasons.

For the moment, I have no plans to include it in this package.


TitanFighter commented on May 27, 2024

Thanks!

