PedroBern / django-graphql-auth

Django registration and authentication with GraphQL.
https://django-graphql-auth.readthedocs.io/en/latest/
MIT License

v0.4 #23

Open PedroBern opened 4 years ago

PedroBern commented 4 years ago

The new version of django-graphql-jwt (v0.3.1) is not compatible with the v0.3.X version of this package, so we need to release the v0.4.X.

Here is the difference from 0.3.0 to 0.3.1

Here is a suggestion of how to solve it.

Need maintainers

Please, if you have the time and want to work on this package, all PRs are welcome!

panosangelopoulos commented 4 years ago

Hi @PedroBern, thanks for your message, and I will be glad to accept your invitation.

ulgens commented 4 years ago

Me too, thanks for kind words :slightly_smiling_face:

pors commented 4 years ago

@PedroBern sure I'm in! I also don't have crazy amounts of time, but together we can make it work I guess.

I was thinking, maybe we could investigate to integrate with https://github.com/pennersr/django-allauth to make it suitable for graphql? No idea if this is feasible, but we could then focus on graphql stuff only since the email/template/custom users, etc are already in place.

Just a wild idea :D

cc @panosangelopoulos @ulgens @yanivtoledano

PedroBern commented 4 years ago

@pors @panosangelopoulos @ulgens Thanks for accepting! I'm very excited about it! Already sent the invitation, now you have full access. I forgot to add it to the list above, I'm updating it now. Let's always commit in feature branches and merge to the master/v0.4.

> I was thinking, maybe we could investigate to integrate with https://github.com/pennersr/django-allauth to make it suitable for graphql? No idea if this is feasible, but we could then focus on graphql stuff only since the email/template/custom users, etc are already in place.

@pors this is a wild idea, as you said! Allauth is very robust and solves the same problems as we are trying to solve here; however, it uses the traditional Django template system. The main idea, in the beginning, was to provide a simple plug and play for single-page applications (SPAs), web apps and native apps, just like djoser and django-rest-auth. django-rest-auth uses allauth for registration and social authentication, but I think integrating it would mean completely changing the package. For example, allauth handles the verification email very differently, while here we don't even store the email token in the database; I think they have a very extensive email model. But it is always important to discuss; we can talk about the advantages and disadvantages of trying to do it.

The social login allauth provides is great! We can try to integrate it, or use other solutions, like django-graphql-social-auth, or even build from the ground up, just like django-graphql-social-auth did.

ulgens commented 4 years ago

Sorry for unpinning this, pinned back, my bad.

irmiller22 commented 4 years ago

Hi! What's the ETA for getting 0.4.0 out? I'm particularly interested in the USER_NODE_FIELDS setting.

PedroBern commented 4 years ago

@irmiller22 there is no ETA. This package needs maintainers; currently, it's community driven, and I'm just releasing the new version when there is a new PR.

drc0 commented 3 years ago

I think that django-graphql-jwt 0.3.1 is essential for production usage given how revocation tokens are handled (see for example long-lasting tokens and how they are now polluting the db at each refreshToken invocation).

The documentation now online for django-graphql-auth is referring to non-existent fields (like refreshExpiresIn for the refreshToken mutation), probably because django_jwt is now pinned to 0.3.0. So I think supporting 0.3.1 is essential, or maybe offer a way to install 0.3.1 with a release candidate package for django-graphql-auth and deal with the inconsistencies presented here https://github.com/PedroBern/django-graphql-auth/issues/25#issuecomment-721799884 on the client side. For example, now I'm forcing it with `pip install --no-dependencies django-graphql-jwt==0.3.1` and keeping `django-graphql-auth==0.3.16`; everything is fine for now except the errors regarding invalid tokens reported as required field errors (for sure there is something else, but I'm yet to test everything).

I'm leaving the above comment to help others searching why those fields are missing and what is the state of things for now.

The real question is this one: if we had time to work on django-graphql-auth to support django_jwt 0.3.1, is there a list of things that need to be done, so as to tackle them in an ordered manner?

stephenmullens commented 2 years ago

@drc0 Did you get a resolution on the best way forward with django_jwt 0.3.1 or subsequent newer versions? How did you solve this?