Al Ryan Acain

Reputation: 556

How to integrate Facebook Login in django-graphql-jwt?

We have a django project that uses the Graphene-Django library to implement a GraphQL API in our project. This backend is accessed by our mobile apps. For the authentication of the apps, we use the django-graphql-jwt library, which is a JSON Web Token library in Django with GraphQL approach.

Now we want to implement the Facebook Login in our system and with it the authentication happens in Facebook. After authentication, what will be sent to our backend from the mobile app is only the email of the user. How can I register and authenticate the user in django-graphql-jwt without the password? Or is there a better workflow for this?

Upvotes: 1

Views: 401

Answers (1)

AviKKi

Reputation: 1204

After authentication, what will be sent to our backend from the mobile app is only the email of the user.

Hey Al Ryan, this seems like a faulty implementation of OAuth. What you get back from Facebook is a token; you send that token to your server, and it will send it back to Facebook to verify it's not faked. Only then can the user be logged in.

Otherwise anyone can call the server with an email and act as that user.

This is a library with social auth and JWT support, see if this helps.

I'm also sharing the solution from my project:

  1. Create a GraphQL mutation named facebookAuth.
  2. The above mutation will take two params: access_token and access_verifier.
  3. Send a GET request to this URL: f"https://graph.facebook.com/me?fields=name,email&access_token={access_token}"
  4. If the JSON response has a key errors, stop the user from logging in.
  5. Otherwise the above response will contain email; use it to create/get a User object.
  6. Now you simply need to return the JWT token from your mutate function.
  7. To generate access and refresh tokens, call the function jwt_encode, imported as from dj_rest_auth.utils import jwt_encode
  8. The above will return a tuple (access_token, refresh_token).

Note: I have used dj_rest_auth instead of django-graphql-jwt, but it's pretty equivalent; you just need a function to sign the JWT. The rest is all custom logic, so better write it yourself.

PS: OAuth is a sensitive entry-point for attackers, so implement it securely. You can contact me at atul7555[at]gmail.com for any assistance.

Upvotes: 1
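The mutation body the answer outlines (verify the token against the Graph API, reject on an error response, get-or-create the user by the verified email, issue a JWT), as an added Python example that is not the answerer's or either library's code. The names graph_me_url, verified_facebook_email, facebook_auth and the injectable fetch_json / get_or_create_user / issue_jwt callables are this example's own, standing in for graphene, the Django ORM and graphql_jwt.shortcuts.get_token so the logic runs stand-alone.

```python
import json
import urllib.parse
import urllib.request

# Added example: framework pieces (graphene mutation, Django ORM, graphql_jwt
# get_token) are injectable callables so the verification logic runs stand-alone.
GRAPH_ME_URL = "https://graph.facebook.com/me"


class FacebookAuthError(Exception):
    """Token could not be verified: the mutation must not log anyone in."""


def graph_me_url(access_token: str) -> str:
    # The URL from the answer; urlencode keeps a hostile token from smuggling
    # extra query parameters into the request.
    query = urllib.parse.urlencode({"fields": "name,email", "access_token": access_token})
    return f"{GRAPH_ME_URL}?{query}"


def default_fetch_json(url: str) -> dict:
    # Real network fetch; the stand-alone test injects a fake response instead.
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


def verified_facebook_email(access_token: str, fetch_json=default_fetch_json) -> str:
    # Only Facebook's answer to the token counts; an email sent by the client is
    # an arbitrary string that anyone could supply (the answer's core point).
    if not access_token:
        raise FacebookAuthError("missing access token")
    data = fetch_json(graph_me_url(access_token))
    # The Graph API reports a bad or expired token under an "error" key; the
    # answer says "errors", so both spellings are treated as a rejection.
    if "error" in data or "errors" in data:
        raise FacebookAuthError("facebook rejected the token")
    email = data.get("email")
    if not email:
        # Users can hide their email, or the app may lack the email permission.
        raise FacebookAuthError("no email in facebook profile")
    return email.lower()


def facebook_auth(access_token, fetch_json, get_or_create_user, issue_jwt) -> dict:
    # Body of the facebookAuth mutate(): verify, get-or-create, issue the JWT.
    # In Django: get_or_create_user -> User.objects.get_or_create(email=...),
    # issue_jwt -> graphql_jwt.shortcuts.get_token(user).
    email = verified_facebook_email(access_token, fetch_json)
    user = get_or_create_user(email)
    return {"token": issue_jwt(user), "email": email}
```

The mutate() of a graphene Mutation would call facebook_auth with the real callables and return the token field; the client-supplied email is never consulted.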
