Comments (8)
Hi @skitoo :),
I would like to include this feature, unfortunately I do not find an easy way to modify the response
object to set the cookie:
https://docs.djangoproject.com/en/2.1/ref/request-response/#django.http.HttpResponse.set_cookie
A decorator for Graphene view could be the best approach:

    from django.urls import path
    from graphene_django.views import GraphQLView
    from graphql_jwt.decorators import jwt_cookie

    urlpatterns = [
        path('graphql/', jwt_cookie(GraphQLView.as_view(), name='JWT-cookie')),
    ]

Update: Used graphene_django.views instead of graphql_extensions.views.
from django-graphql-jwt.
I think the best way to inject the cookie into the response is to do it in middleware.
Maybe here? https://github.com/flavors/django-graphql-jwt/blob/master/graphql_jwt/middleware.py#L75
from django-graphql-jwt.
Hi @skitoo,
Right now there are two middlewares for authentication:
- Graphene Middleware: can't access the response object.
- Django Middleware: will be deprecated in the future
To configure the cookie we can create a new Django middleware JWTCookieMiddleware or a decorator @jwt_cookie for the view, the two implementations are valid and require a new configuration (settings or urls).
from django-graphql-jwt.
I have found a solution for this using the Django middleware at least, but I'm guessing it will break with your next update:

    # Methods of the Django middleware class. bytes_to_dict is a helper of the
    # poster's that is not shown; the other names are expected to be imported
    # already by the module these methods are added to.

    def process_response(self, request, response):
        patch_vary_headers(response, ('Authorization',))

        '''
        @dev Store JWT token in session cookie
        @author thevaleriemack
        '''
        if response.content.find(b'tokenAuth') != -1:
            try:
                response_content = bytes_to_dict(response.content)
                token_auth = response_content['data']['tokenAuth']['token']
                request.session['tokenAuth'] = token_auth
            # TypeError: tokenAuth is null when the login mutation fails
            except (KeyError, TypeError):
                pass
        return response

    def process_request(self, request):
        if (get_authorization_header(request) is not None and
                (not hasattr(request, 'user') or request.user.is_anonymous)):
            try:
                user = authenticate(request=request)
            except JSONWebTokenError as err:
                return JsonResponse({
                    'errors': [{'message': str(err)}],
                }, status=401)

            if user is not None:
                request.user = request._cached_user = user

        '''
        @dev Access JWT from session cookie if it is not in the header
        @author thevaleriemack
        '''
        if (request.session.get('tokenAuth') and not
                request.META.get('HTTP_AUTHORIZATION')):
            request.META['HTTP_AUTHORIZATION'] = (
                jwt_settings.JWT_AUTH_HEADER_PREFIX + " " +
                request.session['tokenAuth'])
            try:
                user = authenticate(request=request)
            except JSONWebTokenError as err:
                return JsonResponse({
                    'errors': [{'message': str(err)}],
                }, status=401)

            if user is not None:
                request.user = request._cached_user = user
        return None

It's a bit hacky I guess? Let me know what you think. Any major flaws here?
from django-graphql-jwt.
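The flow discussed in this thread (copy the tokenAuth token out of the GraphQL response, then promote it to an Authorization header when none was sent), as an added framework-free WSGI example using only the standard library; it is not code from django-graphql-jwt or from any commenter. It swaps the session store used above for a dedicated HttpOnly, Secure, SameSite cookie; the cookie name, header prefix and class name are assumptions.

```python
import json
from http.cookies import SimpleCookie

COOKIE_NAME = "JWT"    # assumption: cookie name chosen for this example
HEADER_PREFIX = "JWT"  # assumption: Authorization scheme prefix


def extract_token(body):
    """Return data.tokenAuth.token from a GraphQL JSON body, or None."""
    try:
        token = json.loads(body)["data"]["tokenAuth"]["token"]
    except (ValueError, KeyError, TypeError):
        return None  # not JSON, or tokenAuth absent/null (failed login)
    return token if isinstance(token, str) else None


def build_set_cookie(token):
    """HttpOnly hides the token from page scripts; SameSite limits CSRF."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    jar[COOKIE_NAME].update({"httponly": True, "secure": True,
                             "samesite": "Lax", "path": "/"})
    return jar[COOKIE_NAME].OutputString()


class JWTCookieWSGI:
    """Hypothetical WSGI wrapper, named for this example only."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Request side: an explicit Authorization header always wins.
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        if COOKIE_NAME in jar and not environ.get("HTTP_AUTHORIZATION"):
            environ["HTTP_AUTHORIZATION"] = (
                f"{HEADER_PREFIX} {jar[COOKIE_NAME].value}")
        captured = {}

        def capture(status, headers, exc_info=None):
            captured["status"], captured["headers"] = status, list(headers)

        body = b"".join(self.app(environ, capture))
        # Response side: only a successful tokenAuth result sets the cookie.
        token = extract_token(body)
        if token is not None:
            captured["headers"].append(("Set-Cookie", build_set_cookie(token)))
        start_response(captured["status"], captured["headers"])
        return [body]
```

Parsing the JSON body instead of searching the raw bytes for `tokenAuth` means a failed login, where `tokenAuth` is null, never writes a cookie.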
@mongkok I'm also wanting to do this, too. Any chance of getting JWTCookieMiddleware in an upcoming release?
from django-graphql-jwt.
Sorry for the delay in my response.
Django's middleware will be deprecated in the future in favour of Graphene's middleware.
I created a pull request #75 to include cookie authentication using a decorator.
I'll release a new version on PyPI as soon as this PR is merged.
from django-graphql-jwt.
@mongkok Thank you ! :)
from django-graphql-jwt.
Thank you a lot :)
from django-graphql-jwt.