Authorization with HTTP header not working #289

Open
sandnima opened this issue Oct 18, 2021 · 8 comments

@sandnima

sandnima commented Oct 18, 2021

Problem:

I have a JWT token, and the verifyToken mutation works properly with the provided token,
BUT when I set the Authorization header to "JWT <token>" it raises an error with the message "You do not have permission to perform this action."
(I have used the login_required decorator in a mutation. I also use Postman for querying.)
(I can make queries from the browser when I am logged in to the admin panel.)

setting.py:

MIDDLEWARE = [
    ...
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    ...
]

GRAPHENE = {
    "SCHEMA": "home.schema.schema",
    "MIDDLEWARE": [
        "graphql_jwt.middleware.JSONWebTokenMiddleware",
    ],
}

AUTHENTICATION_BACKENDS = [
    "graphql_jwt.backends.JSONWebTokenBackend",
    "django.contrib.auth.backends.ModelBackend",
]

GRAPHQL_JWT = {
    "JWT_PAYLOAD_HANDLER": 'account.utils.jwt_payload',
}

@Ruben1701

Ruben1701 commented Oct 23, 2021

Encountering the same problem; I have tried using both Postman and Insomnia. It doesn't matter if I use the decorator or this:

user = info.context.user

if not user.is_authenticated:
    raise Exception("Authentication credentials were not provided")

@sandnima
Author

> Encountering the same problem; I have tried using both Postman and Insomnia. It doesn't matter if I use the decorator or this:
>
> user = info.context.user
>
> if not user.is_authenticated:
>     raise Exception("Authentication credentials were not provided")

It's because of the middleware.
Do this:

  1. Comment out the middleware from the Graphene setting in your setting.py:

GRAPHENE = {
    "SCHEMA": "home.schema.schema",
    # "MIDDLEWARE": (
    #      "graphql_jwt.middleware.JSONWebTokenMiddleware",
    # ),
}

  2. Import and add the middleware in your urls.py file:

from django.urls import path
from django.views.decorators.csrf import csrf_exempt
from graphene_django.views import GraphQLView
from graphql_jwt.middleware import JSONWebTokenMiddleware


urlpatterns = [
    ...
    # The JWT middleware is passed to the view here instead of via GRAPHENE["MIDDLEWARE"].
    path("graphql",
         csrf_exempt(
            GraphQLView.as_view(graphiql=True, middleware=[JSONWebTokenMiddleware])
         )
    ),
    ...
]

@Ruben1701

@sandnima Thanks a lot! Couldn't find a fix anywhere. Do you have a link or something where this was explained?

@sandnima
Author

> @sandnima Thanks a lot! Couldn't find a fix anywhere. Do you have a link or something where this was explained?

Didn't that work for you?
I fixed it myself. As you said, I didn't find any explanation anywhere.

@JSv4

JSv4 commented Oct 26, 2021

Didn't work for me. What's the rationale behind the fix?

@JSv4

JSv4 commented Nov 1, 2021

This didn't work for me, but I think I found a fix by changing the allow_any method, which appears to have some kind of bug in it. Not 100% sure what the root cause is. See my issue #291

@juanjcardona13

Didn't work for me. Can someone help please?

@abdulhafeez1724

It worked for me, thanks champion.
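
For anyone still seeing the permission error, this added example (not from the thread and not django-graphql-jwt's own code) checks a `request.META`-style dict for the usual client-side causes: a missing header, the wrong prefix, a malformed token, or an expired `exp` claim. `diagnose_auth_header` and `sample_token` are hypothetical names, and the header key and prefix are assumed to be the library defaults (`JWT_AUTH_HEADER_NAME`, `JWT_AUTH_HEADER_PREFIX`).

```python
import base64
import json
import time

# Assumed to match django-graphql-jwt's default JWT_AUTH_HEADER_NAME and
# JWT_AUTH_HEADER_PREFIX; change them if GRAPHQL_JWT overrides either.
HEADER_KEY = "HTTP_AUTHORIZATION"
PREFIX = "JWT"

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def sample_token(payload):
    """Constructed token with a placeholder signature, for demonstration only."""
    return ".".join([_b64url({"alg": "HS256", "typ": "JWT"}), _b64url(payload), "c2ln"])

def diagnose_auth_header(meta, now=None):
    """List problems with the JWT header in a request.META-style dict.

    An empty list means well-formed and unexpired, not that the signature is
    valid; only the server's own verification establishes that.
    """
    now = time.time() if now is None else now
    raw = meta.get(HEADER_KEY)
    if raw is None:
        return [HEADER_KEY + " missing (never sent, or dropped before Django)"]
    parts = raw.split()
    if len(parts) != 2:
        return ["expected '<prefix> <token>', got %d part(s)" % len(parts)]
    prefix, token = parts
    problems = []
    if prefix.lower() != PREFIX.lower():  # case-insensitive match is an assumption
        problems.append("prefix is %r, expected %r" % (prefix, PREFIX))
    segments = token.split(".")
    if len(segments) != 3:
        return problems + ["token has %d segment(s), expected 3" % len(segments)]
    try:
        body = segments[1] + "=" * (-len(segments[1]) % 4)
        payload = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return problems + ["payload segment is not base64url-encoded JSON"]
    if not isinstance(payload, dict):
        return problems + ["payload is not a JSON object"]
    exp = payload.get("exp")
    if isinstance(exp, (int, float)) and exp < now:
        problems.append("token expired at %d" % exp)
    return problems

if __name__ == "__main__":
    good = sample_token({"username": "demo", "exp": int(time.time()) + 300})
    print(diagnose_auth_header({HEADER_KEY: "Bearer " + good}))
```

An empty result rules out the client side only; the header can still be dropped between the client and Django, which shows up here as the "missing" case when the function is fed the server's actual `request.META`.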
