Quickstart

Dependencies

  • Django ≥ 1.11

Installation

Install last stable version v0.2.2 from Pypi:

pip install django-graphql-jwt

Add AuthenticationMiddleware middleware to your MIDDLEWARE settings:

MIDDLEWARE = [
    ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    ...
]

Add JSONWebTokenMiddleware middleware to your GRAPHENE settings:

GRAPHENE = {
    'SCHEMA': 'mysite.myschema.schema',
    'MIDDLEWARE': [
        'graphql_jwt.middleware.JSONWebTokenMiddleware',
    ],
}

Add JSONWebTokenBackend backend to your AUTHENTICATION_BACKENDS:

AUTHENTICATION_BACKENDS = [
    'graphql_jwt.backends.JSONWebTokenBackend',
    'django.contrib.auth.backends.ModelBackend',
]

Schema

Add mutations to the root schema:

import graphene
import graphql_jwt


class Mutation(graphene.ObjectType):
    token_auth = graphql_jwt.ObtainJSONWebToken.Field()
    verify_token = graphql_jwt.Verify.Field()
    refresh_token = graphql_jwt.Refresh.Field()


schema = graphene.Schema(mutation=Mutation)

Queries

  • tokenAuth to authenticate the user and obtain a JSON Web Token.

    The mutation uses your User’s model USERNAME_FIELD, which by default is username:

    mutation TokenAuth($username: String!, $password: String!) {
      tokenAuth(username: $username, password: $password) {
        token
      }
    }
    
  • verifyToken to validate the token and obtain the token payload:

    mutation VerifyToken($token: String!) {
      verifyToken(token: $token) {
        payload
      }
    }
    
  • refreshToken to obtain a brand new token with renewed expiration time:

    Configure your refresh token scenario and set to True the JWT_VERIFY_EXPIRATION setting.