ilya

Reputation: 1

How can I make the user authenticated?

Sorry, I don't know how to change syntax on Stack Overflow and decided to just put a link to the repository for you:
https://github.com/ilya-6370/todo-react

The folder backend/todo is the main folder with settings.py and the main file scheme.py

The folder backend/todoapp is the folder with the details of the app and the API for todos in scheme.py

The folder frontend is the folder with the React app where I am using Apollo Client to make requests and to add a custom header

When I am trying to fetch todos I get a permission error:

{"errors":[{"message":"You do not have permission to perform this action","locations":[{"line":2,"column":3}],"path":["todos"]}],"data":{"todos":null}}

Request headers:

    accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7
    authorisation: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InVzZXIiLCJleHAiOjE2NzA1MzgwNzIsIm9yaWdJYXQiOjE2NzA1Mzc3NzJ9.eGl0oI2x7kYeuhRyryhUdcLyNgnvXuUSRsBJu6_iHFY
    Connection: keep-alive
    Content-Length: 111
    content-type: application/json
    Host: 127.0.0.1:8000
    Origin: http://localhost:3000
    Referer: http://localhost:3000/
    sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: cross-site
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36

I have a custom field "authorisation" with the token. How can I make the user authorized for the system by JWT token? (I think it is my problem because I made authentication required fields in my scheme.py file in the todoapp folder. I think that the token does not give authenticated status; I need a way to make the user authenticated by token.)

I tried to add

GRAPHQL_JWT = {
    'JWT_AUTH_HEADER_PREFIX': 'JWT',
}

to settings.py but nothing changed

Upvotes: 0

Views: 208

Answers (1)

David Roučka

Reputation: 34

Damn this one took longer than it should :D. I create my auth backends, ergo I had no clue how this one works.

I've checked and you need to update your urls.py to this:

from django.contrib import admin
from django.urls import path
from graphene_django.views import GraphQLView
from django.views.decorators.csrf import csrf_exempt
from graphql_jwt.decorators import jwt_cookie


urlpatterns = [
    path('admin/', admin.site.urls),
    path("graphql/", jwt_cookie(csrf_exempt(GraphQLView.as_view(graphiql=True)))),
]

The problem you are facing is that this package takes the token from a cookie and not from { "Authorization" : "Bearer token" }

Just wrap your view with jwt_cookie to allow the workload to happen under the hood, and the package will resolve it on its own.

I would also suggest you structure your schema differently. I usually create dir(MyModel) for each model/app -> dir(graphql) -> queries.py, mutations.py, types.py et cetera, and in the end schema.py, in which I create Query/Mutation and pass everything into that.

On the project level you create schema.py and in that you import schemas from your app and one final Query/Mutation classes which inherit app.schema.Query/Mutation and paste it into schema = Schema(...)

Also, I suggest you use Strawberry GraphQL + its relatives instead of Graphene. Graphene isn't the greatest and is going out of support.

Upvotes: 0
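A diagnostic for the request shown in the question, added here as an example and not taken from the repository or from the answer: it checks the header name, the prefix and the token's exp claim. It assumes the server expects an Authorization header with the JWT prefix from the question's settings; jwt_claims, diagnose and the now values are names and values made up for this sketch.

```python
import base64
import json


def jwt_claims(token):
    """Decode the payload segment WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def diagnose(headers, now, header_name="Authorization", prefix="JWT"):
    """List reasons the server would not get a usable token from `headers`."""
    issues = []
    by_name = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    value = by_name.get(header_name.lower())
    if value is None:
        near = sorted(k for k in by_name if k.startswith("auth"))
        issues.append(f"no {header_name} header; similar names sent: {near}")
        if not near:
            return issues
        value = by_name[near[0]]  # keep checking the token that was sent
    scheme, _, token = value.partition(" ")
    if scheme.lower() != prefix.lower():
        issues.append(f"prefix {scheme!r} does not match expected {prefix!r}")
    try:
        claims = jwt_claims(token.strip())
    except ValueError as exc:  # covers bad base64 and bad JSON
        return issues + [f"token is not decodable: {exc}"]
    if "exp" in claims and claims["exp"] <= now:
        issues.append(f"token expired {now - claims['exp']} s ago")
    return issues


# Token and header name copied from the question; the `now` values are constructed.
TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
         "eyJ1c2VybmFtZSI6InVzZXIiLCJleHAiOjE2NzA1MzgwNzIsIm9yaWdJYXQiOjE2NzA1Mzc3NzJ9."
         "eGl0oI2x7kYeuhRyryhUdcLyNgnvXuUSRsBJu6_iHFY")
SENT = {"authorisation": "JWT " + TOKEN, "content-type": "application/json"}

if __name__ == "__main__":
    claims = jwt_claims(TOKEN)
    print("lifetime:", claims["exp"] - claims["origIat"], "s")
    for when in (1670537800, 1670540000):  # inside / after the validity window
        print(when, diagnose(SENT, now=when))
```

The payload is only decoded for inspection here; accepting a token still requires the server to verify its signature.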
