Comments (5)
Hi @kavink,
I have not seen similar projects for Flask and Graphene but there is a Flask library that could be a perfect toolkit to make it yourself.
https://github.com/vimalloc/flask-jwt-extended
flask-jwt-extended has functions to develop all mutations included in Django-graphql-jwt.
tokenAuth(username, password)
: create_access_token()verifyToken(token)
: get_jwt_identity()refreshToken(token)
: create_refresh_token()
and you could use the @jwt_required
decorator to limit access to data.
import graphene
import graphene_sqlalchemy
from flask_jwt_extended import current_user, jwt_required
class UserType(graphene_sqlalchemy.SQLAlchemyObjectType):
class Meta:
model = UserModel
class Query(graphene.ObjectType):
viewer = graphene.Field(UserType)
users = graphene.List(UserType)
@jwt_required
def resolve_viewer(self, info, **kwargs):
return current_user
@jwt_required
# TODO: @superuser_required
def resolve_users(self, info, **kwargs):
return info.context['session'].query(UserModel).all()
class UpdateUser(graphene.Mutation):
user = graphene.Field(UserType)
class Arguments:
email = graphene.String()
@classmethod
@jwt_required
def mutate(cls, root, info, email):
# TODO: update current_user
return cls(user=current_user)
from django-graphql-jwt.
Alternatively to limit access to data some can use a middleware and validate token on your own. In this way you don't need to decorate all of your resolvers with jwt_required
from flask_jwt_extended import verify_jwt_in_request
class AuthMiddleware(object):
def resolve(self, next, root, info, **kwargs):
# This will only be called once for a request
if root is None:
# verify jwt if requested resource is not public
if info.field_name not in ['tokenAuth', 'verifyToken']:
verify_jwt_in_request()
return next(root, info, **kwargs)
return next(root, info, **kwargs)
And then:
auth_middleware = AuthMiddleware()
app.add_url_rule("/graphql", view_func=GraphQLView.as_view(
"graphql",
schema=schema,
graphiql=True,
middleware=[auth_middleware]
))
from django-graphql-jwt.
@kavink - were you able to get it working with Flask - can you please provide me with an example code or point me to the correct direction , please ?
thank you
from django-graphql-jwt.
thx for answer. I tryed to use Flask-GraphQL-Auth, but your variant is best way.
Hi @kavink,
I have not seen similar projects for Flask and Graphene but there is a Flask library that could be a perfect toolkit to make it yourself.
https://github.com/vimalloc/flask-jwt-extendedflask-jwt-extended has functions to develop all mutations included in Django-graphql-jwt.
* `tokenAuth(username, password)`: [create_access_token()](http://flask-jwt-extended.readthedocs.io/en/latest/api.html#flask_jwt_extended.create_access_token) * `verifyToken(token)`: [get_jwt_identity()](http://flask-jwt-extended.readthedocs.io/en/latest/api.html#flask_jwt_extended.get_jwt_identity) * `refreshToken(token)`: [create_refresh_token()](http://flask-jwt-extended.readthedocs.io/en/latest/api.html#flask_jwt_extended.create_refresh_token)
and you could use the
@jwt_required
decorator to limit access to data.import graphene import graphene_sqlalchemy from flask_jwt_extended import current_user, jwt_required class UserType(graphene_sqlalchemy.SQLAlchemyObjectType): class Meta: model = UserModel class Query(graphene.ObjectType): viewer = graphene.Field(UserType) users = graphene.List(UserType) @jwt_required def resolve_viewer(self, info, **kwargs): return current_user @jwt_required # TODO: @superuser_required def resolve_users(self, info, **kwargs): return info.context['session'].query(UserModel).all() class UpdateUser(graphene.Mutation): user = graphene.Field(UserType) class Arguments: email = graphene.String() @classmethod @jwt_required def mutate(cls, root, info, email): # TODO: update current_user return cls(user=current_user)
from django-graphql-jwt.
This works beautifully, appreciate it
from django-graphql-jwt.
Related Issues (20)
- How can I create/set JWT Token in Django view and then redirect to Frontend? HOT 1
- fails if root object types not named Query and Mutation HOT 3
- Cant Delete Cookies With Same Settings with tokenAuth Mutation
- Implement a log out HOT 1
- TypeError: Signal.__init__() got an unexpected keyword argument 'providing_args' HOT 1
- Selective application of JWT expiration check for specific operations
- import error from strawberry_django.utlis
- Tests fails in year 2038
- Graphene 3 support? HOT 2
- TypeError: JSONWebTokenMiddleware.__init__() takes 1 positional argument but 2 were given
- from django.utils.translation import ugettext as _
- Add custom key-value pair in JWT payload.
- cannot import name 'ugettext' from 'django.utils.translation' HOT 4
- Add fingerprint to token and cookies to prevent sidejacking
- Case sensitive Username
- TypeError: Signal.__init__() got an unexpected keyword argument 'providing_args' HOT 1
- JWT Stateless User Authentication
- Breaks when users are deleted HOT 1
- Check if access token is expired
- User is disabled error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-graphql-jwt.