flavors / django-graphql-jwt

JSON Web Token (JWT) authentication for Graphene Django
https://django-graphql-jwt.domake.io
MIT License

Authorization with HTTP header not working #289

Open sandnima opened 3 years ago

sandnima commented 3 years ago

Problem:

I have a JWT token provided and the verifyToken mutation is working properly with the provided token, BUT when I set the Authorization header as "JWT \<token>" it raises an error with the message "You do not have permission to perform this action." (I have used the login_required decorator in a mutation. I also use Postman for querying.) (I can make queries from the browser when I am logged in to the admin panel.)

setting.py:

```python
MIDDLEWARE = [
    ...
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    ...
]

GRAPHENE = {
    "SCHEMA": "home.schema.schema",
    "MIDDLEWARE": [
        "graphql_jwt.middleware.JSONWebTokenMiddleware",
    ],
}

AUTHENTICATION_BACKENDS = [
    "graphql_jwt.backends.JSONWebTokenBackend",
    "django.contrib.auth.backends.ModelBackend",
]

GRAPHQL_JWT = {
    "JWT_PAYLOAD_HANDLER": 'account.utils.jwt_payload',
}
```

Ruben1701 commented 3 years ago

Encountering the same problem; I have tried using both Postman and Insomnia. It doesn't matter if I use the decorator or this:

```python
user = info.context.user

if not user.is_authenticated:
    raise Exception("Authentication credentials were not provided")
```

sandnima commented 3 years ago

> Encountering the same problem; I have tried using both Postman and Insomnia. It doesn't matter if I use the decorator or this:
>
> ```python
> user = info.context.user
>
> if not user.is_authenticated:
>     raise Exception("Authentication credentials were not provided")
> ```

It's because of the middleware. Do this:

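1. Comment out the middleware from the Graphene setting in your setting.py:

   ```python
   GRAPHENE = {
       "SCHEMA": "home.schema.schema",
       # "MIDDLEWARE": (
       #     "graphql_jwt.middleware.JSONWebTokenMiddleware",
       # ),
   }
   ```

2. Import and add the middleware in your urls.py file:

   ```python
   from django.urls import path
   from django.views.decorators.csrf import csrf_exempt
   from graphene_django.views import GraphQLView
   from graphql_jwt.middleware import JSONWebTokenMiddleware

   urlpatterns = [
       ...
       # Pass the JWT middleware to the view directly instead of via GRAPHENE["MIDDLEWARE"]
       path(
           "graphql",
           csrf_exempt(
               GraphQLView.as_view(graphiql=True, middleware=[JSONWebTokenMiddleware])
           ),
       ),
       ...
   ]
   ```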

Ruben1701 commented 3 years ago

@sandnima Thanks a lot! Couldn't find a fix anywhere. Do you have a link or something where this was explained?

sandnima commented 3 years ago

> @sandnima Thanks a lot! Couldn't find a fix anywhere. Do you have a link or something where this was explained?

Didn't that work for you? I fixed it myself. As you said I didn't find any explanation anywhere.

JSv4 commented 3 years ago

Didn't work for me. What's the rationale behind the fix?

JSv4 commented 3 years ago

This didn't work for me, but I think I found a fix by changing the allow_any method, which appears to have some kind of bug in it. Not 100% sure what the root cause is. See my issue #291

juanjcardona13 commented 3 years ago

Didn't work for me. Can someone help please?

abdulhafeez1724 commented 1 year ago

It worked for me, thanks champion.