API Documentation

In here you will find the API for everything exposed in this extension.

Configuring Flask-GraphQL-Auth

class flask_graphql_auth.GraphQLAuth(app=None)[source]

An object used to hold JWT settings for the Flask-GraphQL-Auth extension.

Instances of GraphQLAuth are not bound to specific apps, so you can create one in the main body of your code and then bind it to your app in a factory function.

__init__(app=None)[source]

Create the GraphQLAuth instance. You can either pass a flask application in directly here to register this extension with the flask app, or call init_app after creating this object (in a factory pattern). :param app: A flask application

init_app(app)[source]

Register this extension with the flask app.

Parameters:app – A flask application

Protected query decorators

flask_graphql_auth.query_jwt_required(fn)[source]

A decorator to protect a query resolver.

If you decorate an resolver with this, it will ensure that the requester has a valid access token before allowing the resolver to be called. This does not check the freshness of the access token.

flask_graphql_auth.query_header_jwt_required(fn)[source]

A decorator to protect a query resolver.

If you decorate an resolver with this, it will ensure that the requester has a valid access token before allowing the resolver to be called. This does not check the freshness of the access token.

flask_graphql_auth.query_jwt_refresh_token_required(fn)[source]

A decorator to protect a query resolver.

If you decorate an query resolver with this, it will ensure that the requester has a valid refresh token before allowing the resolver to be called.

flask_graphql_auth.query_header_jwt_refresh_token_required(fn)[source]

A decorator to protect a query resolver.

If you decorate an query resolver with this, it will ensure that the requester has a valid refresh token before allowing the resolver to be called.

Protected mutation decorators

flask_graphql_auth.mutation_jwt_required(fn)[source]

A decorator to protect a mutation.

If you decorate a mutation with this, it will ensure that the requester has a valid access token before allowing the mutation to be called. This does not check the freshness of the access token.

flask_graphql_auth.mutation_header_jwt_required(fn)[source]

A decorator to protect a mutation.

If you decorate a mutation with this, it will ensure that the requester has a valid access token before allowing the mutation to be called. This does not check the freshness of the access token.

flask_graphql_auth.mutation_jwt_refresh_token_required(fn)[source]

A decorator to protect a mutation.

If you decorate a mutation with this, it will ensure that the requester has a valid refresh token before allowing the mutation to be called.

Utilities

flask_graphql_auth.create_access_token(identity, user_claims=None)[source]

Create a new access token.

Parameters:
  • identity – The identity of this token, which can be any data that is json serializable. It can also be a python object
  • user_claims – User made claims that will be added to this token. it should be dictionary.
Returns:

An encoded access token
flask_graphql_auth.create_refresh_token(identity, user_claims=None)[source]

Creates a new refresh token.

Parameters:
  • identity – The identity of this token, which can be any data that is json serializable. It can also be a python object
  • user_claims – User made claims that will be added to this token. it should be dictionary.
Returns:

An encoded refresh token
flask_graphql_auth.get_raw_jwt()[source]

In a protected endpoint, this will return the python dictionary which has all of the claims of the JWT that is accessing the endpoint. If no JWT is currently present, an empty dict is returned instead.

flask_graphql_auth.get_jwt_identity()[source]

In a protected resolver or mutation, this will return the identity of the JWT that is accessing this endpoint. If no JWT is present,`None` is returned instead.

flask_graphql_auth.get_jwt_claims()[source]

In a protected resolver or mutation, this will return the dictionary of custom claims in the JWT that is accessing the endpoint. If no custom user claims are present, an empty dict is returned instead.

flask_graphql_auth.decode_jwt(encoded_token, secret, algorithm, identity_claim_key, user_claims_key)[source]

Decodes an encoded JWT

Parameters:
  • encoded_token – The encoded JWT string to decode
  • secret – Secret key used to encode the JWT
  • algorithm – Algorithm used to encode the JWT
  • identity_claim_key – expected key that contains the identity
  • user_claims_key – expected key that contains the user claims
Returns:

Dictionary containing contents of the JWT
flask_graphql_auth.get_jwt_data(token, token_type)[source]

Decodes encoded JWT token by using extension setting and validates token type

Parameters:
  • token – The encoded JWT string to decode
  • token_type – JWT type for type validation (access or refresh)
Returns:

Dictionary containing contents of the JWT

Fields

class flask_graphql_auth.AuthInfoField(*args, **kwargs)[source]