PedroBern / django-graphql-auth

Django registration and authentication with GraphQL.
https://django-graphql-auth.readthedocs.io/en/latest/
MIT License
333 stars 105 forks

Incompatible with django-graphql-jwt's cookie functionality #48

Open mcabrams opened 4 years ago

mcabrams commented 4 years ago

Description

The Django GraphQL JWT package supports storing JWT tokens in cookies, and this affects, among other things, the refreshToken mutation by no longer requiring it as an argument (since the frontend JS is intentionally unable to access the token itself). Behind the scenes JWT presumably adds middleware or modifies existing classes to extract the token from passed Cookie headers. When using this Cookie configuration, django_graphql_auth won't work properly since it requires the refreshToken to be passed as an actual GraphQL argument.

Steps to Reproduce

If we need to reproduce and you don't provide steps for it, it will be closed. Alternatively, you can link a repo with the code to run your issue.

  1. Go through minimal setup of django_graphql_jwt and enable cookie authentication and various settings:
  2. Install django_graphql_auth
  3. Observe impossibility of passing refreshToken to the refreshToken mutation due to client no longer being able to access and pass along refreshToken since it is stored in cookie.

Expected behavior

I would expect that when django_graphql_jwt is configured to use cookies, django_graphql_auth would adjust its mutations accordingly to extract the JWT from cookies in the same manner django_graphql_jwt does.

Actual behavior

django_graphql_jwt generates mutations that cannot be used due to refreshToken not being able to be explicitly passed as a graphql mutation argument.

Requirements

django==3.0.6
django-graphql-jwt==0.3.1
graphene-django==2.9.1
django-graphql-auth==0.3.10
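
The fallback this report asks for, as an added sketch that is not code from django-graphql-auth or django-graphql-jwt: take the refresh token from the mutation argument when one is supplied, otherwise from the request's Cookie header. The names `resolve_refresh_token` and `MissingRefreshToken`, the cookie name, and the sample values are assumptions for illustration; only the standard library is used.

```python
from http.cookies import SimpleCookie
from typing import Optional

# Assumed cookie name for this sketch; pass whatever name your deployment sets.
REFRESH_COOKIE_NAME = "JWT-refresh-token"


class MissingRefreshToken(Exception):
    """Neither the mutation argument nor the cookie carries a token."""


def resolve_refresh_token(arg_token: Optional[str],
                          cookie_header: Optional[str],
                          cookie_name: str = REFRESH_COOKIE_NAME) -> str:
    """Return the refresh token for one mutation call.

    An explicit GraphQL argument wins (argument mode). Otherwise the token is
    read from the Cookie header (cookie mode), where client-side JavaScript
    cannot read the token and therefore cannot pass it as an argument.
    """
    if arg_token:
        return arg_token
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(cookie_name)
    if morsel is None or not morsel.value:
        raise MissingRefreshToken("refresh token not in arguments or cookies")
    return morsel.value


def demo() -> dict:
    # Constructed sample inputs, not real tokens.
    header = "csrftoken=abc123; JWT-refresh-token=r3fr3sh-sample"
    results = {
        "cookie_mode": resolve_refresh_token(None, header),
        "argument_mode": resolve_refresh_token("arg-sample", header),
    }
    try:
        resolve_refresh_token(None, "csrftoken=abc123")
        results["no_token"] = "accepted"
    except MissingRefreshToken:
        results["no_token"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

For this to apply, the mutation's `refreshToken` argument has to be optional in the schema, so that a cookie-only client can call it with no argument at all.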

PedroBern commented 4 years ago

django==3.0.6 django-graphql-jwt==0.3.1 graphene-django==2.9.1 django-graphql-auth==0.3.10

Hi @mcabrams did you try with django-graphql-jwt==0.3.0? Currently, this package does not support the 0.3.1 version.

mcabrams commented 4 years ago

@PedroBern Yes, this is not specific to 0.3.1, same behavior with 0.3.0

irmiller22 commented 4 years ago

Is there an update on this issue? I'm also running into this as well.