Is there any reason to send token twice (in the header and in the query) in case of using verifyToken and refreshToken? about django-graphql-jwt HOT 4 CLOSED

Hi @TitanFighter,
The authentication header is not used to verify and refresh tokens, credentials are not required.

from django-graphql-jwt.

On the other hand I think it's a good idea to refresh a token using the authentication header, but in this case I would prefer a token as a required field and defined within the GraphQL/schema.

from django-graphql-jwt.

Hi @mongkok

The authentication header is not used to verify and refresh tokens, credentials are not required.

Yes, I know, but what I am thinking about is the next case: when a user is already authenticated, we already use authentication header and additionally from time to time we anyway refresh it, so in this case we can refresh token based on the header. It was just a proposition :)

Regarding token verification... I implemented it in the wrong way... Now I see that at first it should be verified and after this it should be add to the header.

from django-graphql-jwt.

Is a good proposal @TitanFighter, but for this package I would prefer a required token within GraphQL schema.

from django.utils.translation import ugettext as _

import graphene
from graphene.types.generic import GenericScalar
from graphql_jwt.exceptions import JSONWebTokenError
from graphql_jwt.utils import get_authorization_header, get_payload


class Verify(graphene.Mutation):
    payload = GenericScalar()

    class Arguments:
        token = graphene.String()

    @classmethod
    def mutate(cls, root, info, token=None, **kwargs):
        if token is None:
            token = get_authorization_header(info.context)

        if token is None:
            JSONWebTokenError(_('Token is required'))

        return cls(payload=get_payload(token, info.context))

from django-graphql-jwt.