Settings

Django-graphql-jwt reads your configuration from a single Django setting named GRAPHQL_JWT:

from datetime import timedelta

GRAPHQL_JWT = {
    "JWT_VERIFY_EXPIRATION": True,
    "JWT_EXPIRATION_DELTA": timedelta(minutes=10),
}

Here’s a list of settings available in django-graphql-jwt and their default values:

PyJWT

JWT_ALGORITHM

Algorithm for cryptographic signing

Default: "HS256"

JWT_AUDIENCE

Identifies the recipients that the JWT is intended for

Default: None

JWT_ISSUER

Identifies the principal that issued the JWT

Default: None

JWT_LEEWAY

Margin by which an expiration time that is already in the past, but not by much, is still accepted as valid

Default: timedelta(seconds=0)

JWT_SECRET_KEY

The secret key used to sign the JWT

Default: settings.SECRET_KEY

JWT_PUBLIC_KEY

The RSA public key for the RS256, RS384 or RS512 asymmetric algorithms. When it is set, the JWT_SECRET_KEY setting is ignored

Default: None

JWT_PRIVATE_KEY

The RSA private key for the RS256, RS384 or RS512 asymmetric algorithms. When it is set, the JWT_SECRET_KEY setting is ignored

Default: None

JWT_VERIFY

Secret key verification

Default: True

JWT_ENCODE_HANDLER

A custom function to encode the token

jwt_encode(payload, context=None)

JWT_DECODE_HANDLER

A custom function to decode the token

jwt_decode(token, context=None)

JWT_PAYLOAD_HANDLER

A custom function to generate the token payload

jwt_payload(user, context=None)

JWT_PAYLOAD_GET_USERNAME_HANDLER

A custom function to obtain the username:

lambda payload: payload.get(get_user_model().USERNAME_FIELD)

JWT_GET_USER_BY_NATURAL_KEY_HANDLER

A custom function to get the User object from the username

get_user_by_natural_key(username)

Token expiration

JWT_VERIFY_EXPIRATION

Expiration time verification

Default: False

JWT_EXPIRATION_DELTA

Timedelta added to utcnow() to set the expiration time

Default: timedelta(minutes=5)

Refresh token

JWT_ALLOW_REFRESH

Enable token refresh

Default: True

JWT_REFRESH_EXPIRATION_DELTA

Limit on token refresh

Default: timedelta(days=7)

JWT_LONG_RUNNING_REFRESH_TOKEN

Enable long running refresh tokens

Default: False

JWT_REFRESH_TOKEN_MODEL

The model to use to represent a refresh token

class RefreshToken(*args, **kwargs)

RefreshToken default model

JWT_REFRESH_TOKEN_N_BYTES

Number of bytes in a long running refresh token

Default: 20

JWT_REUSE_REFRESH_TOKENS

When enabled, a new long running refresh token is still generated, but it replaces the existing database record and thus invalidates the previous long running refresh token.

Default: False

JWT_REFRESH_EXPIRED_HANDLER

A custom function to determine if refresh has expired

refresh_has_expired(orig_iat, context=None)

JWT_GET_REFRESH_TOKEN_HANDLER

A custom function to retrieve a long running refresh token instance

get_refresh_token_by_model(refresh_token_model, token, context=None)

Permissions

JWT_ALLOW_ANY_HANDLER

A custom function to determine, per field, whether authentication is not required

allow_any(info, **kwargs)

JWT_ALLOW_ANY_CLASSES

A list or tuple of Graphene classes that do not need authentication

Default: ()

HTTP header

JWT_AUTH_HEADER_NAME

Authorization header name

Default: "HTTP_AUTHORIZATION"

JWT_AUTH_HEADER_PREFIX

Authorization header prefix

Default: "JWT"

Per-argument

JWT_ALLOW_ARGUMENT

Allow per-argument authentication system

Default: False

JWT_ARGUMENT_NAME

Argument name for per-argument authentication system

Default: "token"

CSRF

JWT_CSRF_ROTATION

Rotate CSRF tokens each time a token or refresh token is issued

Default: False
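
A configuration review helper for the settings listed on this page, added here as an example (it is not code from django-graphql-jwt): it merges a GRAPHQL_JWT dict over the documented defaults and reports the settings worth a second look before deployment. The function name, the review thresholds and the sample dicts are assumptions of this example.

```python
from datetime import timedelta

# Defaults as listed in the settings reference above.
DEFAULTS = {
    "JWT_ALGORITHM": "HS256", "JWT_VERIFY": True,
    "JWT_PUBLIC_KEY": None, "JWT_PRIVATE_KEY": None,
    "JWT_VERIFY_EXPIRATION": False,
    "JWT_EXPIRATION_DELTA": timedelta(minutes=5),
    "JWT_LEEWAY": timedelta(seconds=0),
    "JWT_ALLOW_ARGUMENT": False,
}
RSA_ALGORITHMS = ("RS256", "RS384", "RS512")
# Review thresholds: assumptions of this example, not limits set by the library.
MAX_TOKEN_LIFETIME = timedelta(hours=1)
MAX_LEEWAY = timedelta(minutes=1)


def audit_graphql_jwt(user_settings):
    """Return [(setting, finding), ...] for the effective GRAPHQL_JWT config."""
    cfg = {**DEFAULTS, **user_settings}  # unset keys fall back to the defaults
    findings = []
    if not cfg["JWT_VERIFY"]:
        findings.append(("JWT_VERIFY", "secret key verification is disabled"))
    if not cfg["JWT_VERIFY_EXPIRATION"]:
        findings.append(("JWT_VERIFY_EXPIRATION", "expiration time is not verified"))
    elif cfg["JWT_EXPIRATION_DELTA"] > MAX_TOKEN_LIFETIME:
        findings.append(("JWT_EXPIRATION_DELTA", "lifetime exceeds review threshold"))
    if cfg["JWT_LEEWAY"] > MAX_LEEWAY:
        findings.append(("JWT_LEEWAY", "leeway exceeds review threshold"))
    if cfg["JWT_ALGORITHM"] in RSA_ALGORITHMS:
        for name in ("JWT_PUBLIC_KEY", "JWT_PRIVATE_KEY"):
            if cfg[name] is None:
                findings.append((name, "not set for " + cfg["JWT_ALGORITHM"]))
    if cfg["JWT_ALLOW_ARGUMENT"]:
        findings.append(("JWT_ALLOW_ARGUMENT", "token accepted as a GraphQL argument"))
    return findings


# Constructed samples: the snippet from the top of this page, and an RS256 setup without keys.
PAGE_EXAMPLE = {"JWT_VERIFY_EXPIRATION": True, "JWT_EXPIRATION_DELTA": timedelta(minutes=10)}
MISSING_KEYS = {"JWT_ALGORITHM": "RS256", "JWT_VERIFY_EXPIRATION": True}

if __name__ == "__main__":
    for label, conf in (("defaults", {}), ("page", PAGE_EXAMPLE), ("rs256", MISSING_KEYS)):
        print(label, audit_graphql_jwt(conf))
```

An empty GRAPHQL_JWT dict already produces one finding, because JWT_VERIFY_EXPIRATION defaults to False.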