Open mcabrams opened 4 years ago
PedroBern
commented
4 years ago django==3.0.6 django-graphql-jwt==0.3.1 graphene-django==2.9.1 django-graphql-auth==0.3.10
Hi @mcabrams did you try with django-graphql-jwt==0.3.0? Currently, this package does not support the 0.3.1 version.
mcabrams
commented
4 years ago @PedroBern Yes, this is not specific to 0.3.1, same behavior with 0.3.0
irmiller22
commented
4 years ago Is there an update on this issue? I'm also running into this as well.
Description
The Django GraphQL JWT package supports storing JWT tokens in cookies and this effects among other things the
refreshTokenmutation by no longer requiring it as an argument (since the frontend JS is intentionally unable to access the token itself). Behind the scenes JWT presumably adds middleware or modifies existing classes to extract the token from passed Cookie headers. When using this Cookie configuration, django_graphql_auth won't work properly since it requires therefreshTokento be passed as an actual graphql argument.Steps to Reproduce
If we need to reproduce and you don't provide steps for it, it will be closed. Alternatively, you can link a repo with the code to run your issue.
refreshTokento therefreshTokenmutation due to client no longer being able to access and pass along refreshToken since it is stored in cookie.Expected behavior
I would expect that when django_graphql_jwt is configured to use cookies, django_graphql_auth would adjust it's mutations accordingly to extract the JWT from cookies in same manner django_graphql_jwt does.
Actual behavior
django_graphql_jwt generates mutations that cannot be used due to refreshToken not being able to be explicitly passed as a graphql mutation argument.
Requirements