django-graphql-auth
Incompatible with django-graphql-jwt's cookie functionality
Description
The Django GraphQL JWT package supports storing JWT tokens in cookies, and this affects, among other things, the refreshToken mutation by no longer requiring it as an argument (since the frontend JS is intentionally unable to access the token itself). Behind the scenes JWT presumably adds middleware or modifies existing classes to extract the token from passed Cookie headers. When using this Cookie configuration, django_graphql_auth won't work properly since it requires the refreshToken to be passed as an actual graphql argument.
Steps to Reproduce
If we need to reproduce and you don't provide steps for it, it will be closed. Alternatively, you can link a repo with the code to run your issue.
- Go through minimal setup of django_graphql_jwt and enable cookie authentication and various settings:
- https://django-graphql-jwt.domake.io/en/latest/authentication.html#per-cookie
- Install django_graphql_auth
- Observe impossibility of passing refreshToken to the refreshToken mutation due to client no longer being able to access and pass along refreshToken since it is stored in cookie.
Expected behavior
I would expect that when django_graphql_jwt is configured to use cookies, django_graphql_auth would adjust its mutations accordingly to extract the JWT from cookies in the same manner django_graphql_jwt does.
Actual behavior
django_graphql_jwt generates mutations that cannot be used due to refreshToken not being able to be explicitly passed as a graphql mutation argument.
Requirements
django==3.0.6
django-graphql-jwt==0.3.1
graphene-django==2.9.1
django-graphql-auth==0.3.10
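The fallback described under "Expected behavior", as an added sketch that is not part of the issue and not code from django-graphql-auth or django-graphql-jwt. It uses only the Python standard library; `resolve_refresh_token`, `MissingRefreshToken` and the cookie name are assumptions made for illustration.

```python
from http.cookies import CookieError, SimpleCookie

# Assumed cookie name for this sketch; a real deployment would take it
# from its JWT cookie settings rather than hard-coding it.
REFRESH_COOKIE_NAME = "JWT-refresh-token"


class MissingRefreshToken(Exception):
    """Neither the mutation argument nor the cookie supplied a refresh token."""


def resolve_refresh_token(arg_value, cookie_header, cookie_name=REFRESH_COOKIE_NAME):
    """Return (token, source) for a refreshToken-style mutation.

    An explicit argument wins, so clients that pass the token keep working.
    Otherwise the token is read from the request's Cookie header, which is
    the only place it exists when the cookie is HttpOnly and the frontend
    JS cannot read it.
    """
    if arg_value:
        return arg_value, "argument"
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        raise MissingRefreshToken("malformed Cookie header") from None
    morsel = jar.get(cookie_name)
    if morsel is None or not morsel.value:
        raise MissingRefreshToken("no refreshToken argument and no refresh cookie")
    return morsel.value, "cookie"


# Constructed sample Cookie header, shaped like what a browser would send.
SAMPLE_COOKIE = "csrftoken=abc123; JWT-refresh-token=constructed-refresh-value"

if __name__ == "__main__":
    print(resolve_refresh_token(None, SAMPLE_COOKIE))
```

For the mutation to accept cookie-only requests, its `refreshToken` argument would also have to be declared optional in the schema.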
Hi @mcabrams did you try with django-graphql-jwt==0.3.0? Currently, this package does not support the 0.3.1 version.
@PedroBern Yes, this is not specific to 0.3.1, same behavior with 0.3.0
Is there an update on this issue? I'm also running into this as well.