Get JWT from headerΒΆ
You can get JWT from header by use these decorators.
- query_header_jwt_required
- query_header_jwt_refresh_token_required
- mutation_header_jwt_required,
- mutation_jwt_header_refresh_token_required
This is example usage.
from flask import Flask
import graphene
from flask_graphql_auth import (
AuthInfoField,
GraphQLAuth,
get_jwt_identity,
create_access_token,
create_refresh_token,
query_header_jwt_required,
mutation_header_jwt_refresh_token_required,
mutation_header_jwt_required,
)
from flask_graphql import GraphQLView
app = Flask(__name__)
auth = GraphQLAuth(app)
app.config["JWT_SECRET_KEY"] = "something" # change this!
app.config["JWT_ACCESS_TOKEN_EXPIRES"] = 10 # 10 minutes
app.config["JWT_REFRESH_TOKEN_EXPIRES"] = 30 # 30 days
class MessageField(graphene.ObjectType):
message = graphene.String()
class ProtectedUnion(graphene.Union):
class Meta:
types = (MessageField, AuthInfoField)
@classmethod
def resolve_type(cls, instance, info):
return type(instance)
class AuthMutation(graphene.Mutation):
class Arguments(object):
username = graphene.String()
password = graphene.String()
access_token = graphene.String()
refresh_token = graphene.String()
@classmethod
def mutate(cls, _, info, username, password):
return AuthMutation(
access_token=create_access_token(username),
refresh_token=create_refresh_token(username),
)
class ProtectedMutation(graphene.Mutation):
class Arguments(object):
pass
message = graphene.Field(ProtectedUnion)
@classmethod
@mutation_header_jwt_required
def mutate(cls, _, info):
return ProtectedMutation(
message=MessageField(message="Protected mutation works")
)
class RefreshMutation(graphene.Mutation):
class Arguments(object):
pass
new_token = graphene.String()
@classmethod
@mutation_header_jwt_refresh_token_required
def mutate(cls, _):
current_user = get_jwt_identity()
return RefreshMutation(
new_token=create_access_token(identity=current_user),
)
class Mutation(graphene.ObjectType):
auth = AuthMutation.Field()
refresh = RefreshMutation.Field()
protected = ProtectedMutation.Field()
class Query(graphene.ObjectType):
protected = graphene.Field(type=ProtectedUnion)
@query_header_jwt_required
def resolve_protected(self, info):
return MessageField(message="Hello World!")
schema = graphene.Schema(query=Query, mutation=Mutation)
app.add_url_rule(
"/graphql",
view_func=GraphQLView.as_view("graphql", schema=schema, graphiql=True),
)
if __name__ == "__main__":
app.run(debug=True)