Basic UsageΒΆ
from flask import Flask
import graphene
from flask_graphql_auth import (
AuthInfoField,
GraphQLAuth,
get_jwt_identity,
get_raw_jwt,
create_access_token,
create_refresh_token,
query_jwt_required,
mutation_jwt_refresh_token_required,
mutation_jwt_required,
)
from flask_graphql import GraphQLView
app = Flask(__name__)
auth = GraphQLAuth(app)
app.config["JWT_SECRET_KEY"] = "something" # change this!
app.config["JWT_ACCESS_TOKEN_EXPIRES"] = 10 # 10 minutes
app.config["JWT_REFRESH_TOKEN_EXPIRES"] = 30 # 30 days
class MessageField(graphene.ObjectType):
message = graphene.String()
class ProtectedUnion(graphene.Union):
class Meta:
types = (MessageField, AuthInfoField)
@classmethod
def resolve_type(cls, instance, info):
return type(instance)
class AuthMutation(graphene.Mutation):
class Arguments(object):
username = graphene.String()
password = graphene.String()
access_token = graphene.String()
refresh_token = graphene.String()
@classmethod
def mutate(cls, _, info, username, password):
return AuthMutation(
access_token=create_access_token(username),
refresh_token=create_refresh_token(username),
)
class ProtectedMutation(graphene.Mutation):
class Arguments(object):
token = graphene.String()
message = graphene.Field(ProtectedUnion)
@classmethod
@mutation_jwt_required
def mutate(cls, _, info):
return ProtectedMutation(
message=MessageField(message="Protected mutation works")
)
class RefreshMutation(graphene.Mutation):
class Arguments(object):
refresh_token = graphene.String()
new_token = graphene.String()
@classmethod
@mutation_jwt_refresh_token_required
def mutate(self, _):
current_user = get_jwt_identity()
return RefreshMutation(
new_token=create_access_token(identity=current_user),
)
class Mutation(graphene.ObjectType):
auth = AuthMutation.Field()
refresh = RefreshMutation.Field()
protected = ProtectedMutation.Field()
class Query(graphene.ObjectType):
protected = graphene.Field(type=ProtectedUnion, token=graphene.String())
@query_jwt_required
def resolve_protected(self, info):
return MessageField(message="Hello World!")
schema = graphene.Schema(query=Query, mutation=Mutation)
app.add_url_rule(
"/graphql",
view_func=GraphQLView.as_view("graphql", schema=schema, graphiql=True),
)
if __name__ == "__main__":
app.run(debug=True)
Important
To make protected query or mutation with auth decorators, we have to make union with flask_graphql_auth.AuthInfoField to allow auth decorators return AuthInfoField when a problem occurs. Also, If you want to assign union to mutation, you have to override resolve_type
To get token with auth mutation try this query:
mutation {
auth(password: <any word>, username: <any word>) {
accessToken
refreshToken
}
}
To refresh the token with refresh mutation try this one:
mutation {
refresh(refreshToken: <access token>) {
newToken
}
}
To access a jwt_required protected query or mutation, all we have to do is send in the JWT in the query. By default, this is done with an mutation or query argument that looks like:
{
protected(token: <access token>) {
... on MessageField {
message
}
}
}
mutation {
protected(token: <access token>) {
message {
... on MessageField {
message
}
}
}
}