rscarrera27 / flask-graphql-auth
(UNMAINTAINED. FEEL FREE TO FORK) 🐍 A Pythonic way to provide JWT authentication for Flask-GraphQL
License: MIT License
I don't see where JWT_REFRESH_TOKEN_EXPIRES is actually used in the code base.
I've tried to use the example from here, for instance:
    {
        protected(message: "hello", token: "my access token")
    }
but I've got
    {
        "errors": [
            {
                "message": "Field \"protected\" of type \"ProtectedUnion\" must have a sub selection.",
                "locations": [
                    {
                        "line": 2,
                        "column": 3
                    }
                ]
            },
            {
                "message": "Unknown argument \"message\" on field \"protected\" of type \"Query\".",
                "locations": [
                    {
                        "line": 2,
                        "column": 13
                    }
                ]
            }
        ]
    }
Working case I was able to achieve only with query:
    {
        protected(token: "my access token") {
            ... on MessageField {
                message
            }
        }
    }
Also I've managed to make the protected mutation with
    mutation {
        protected(token: "my access token") {
            message {
                ... on MessageField {
                    message
                }
            }
        }
    }
I don’t know what it is connected with, but if it's now the valid way, it should be reflected in docs. Last case especially :)
The docs reference the ACCESS_EXP_LENGTH and REFRESH_EXP_LENGTH app config variables, but the only place I can find a reference to them is in the examples and conftest.py. Are these used by a dependency? Or should we use JWT_ACCESS_TOKEN_EXPIRES and JWT_REFRESH_TOKEN_EXPIRES instead?
I had a problem while wrapping the following query with @query_jwt_required.
    query {
        returnArrayQuery(token: "") {
            ...
        }
    }
The error was caused because GraphQL expects an iterable and the wrapper provides AuthInfoField when there's an error with the JWT. I managed to solve it with the following code.
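    from functools import wraps

    from flask import current_app
    from flask_graphql_auth import AuthInfoField
    from flask_graphql_auth.decorators import verify_jwt_in_argument

    def query_jwt_required_list(fn):
        """Like query_jwt_required, but for resolvers that return a list."""
        @wraps(fn)
        def wrapper(*args, **kwargs):
            # Take the token out of the resolver arguments before calling fn
            token = kwargs.pop(current_app.config["JWT_TOKEN_ARGUMENT_NAME"])
            try:
                verify_jwt_in_argument(token)
            except Exception as e:
                return [AuthInfoField(message=str(e))]  # Returns a list
            return fn(*args, **kwargs)
        return wrapper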
I wonder if there's a native solution without need to modify the source code.
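I tried to catch it with Flask's app.errorhandler, but that is ignored; a GraphQLLocatedError is raised and the stack trace is printed.
To summarize the analysis so far: Flask-GraphQL receives the GraphQL request and has graphene execute the query. If an Exception occurs at that point, it is wrapped in a GraphQLError and passed along, and as the query result containing that Exception passes through several functions, a GraphQLLocatedError is raised. The problem is that these exceptions are not caught, so the stack trace is printed as-is.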
AuthInfoField makes things complex, especially if you use Relay.
A lot of errors of the type: Object doesn't match crop up.
Can the error simply be a GraphQLError?
(from the library graphql.error.base import GraphQLError)
Creating the JWT tokens would throw graphql.error.located_error.GraphQLLocatedError: 'str' object has no attribute 'decode'
The short-term solution I have is to specify your PyJWT version to be PyJWT==1.7.1 in your requirements.txt.
The change log can be found below.
I am having an issue when using the mutation_jwt_required decorator, when taking in the mutate function of the graphene.Mutation class as the callback function.
It's possibly something to do with cls being invoked to call AuthInfoField. Could it be the case that this needs to be omitted and be similar to how the query_jwt_required decorator handles an exception?
Traceback (most recent call last):
File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 199, in wrapper
verify_jwt_in_argument(token)
File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 66, in verify_jwt_in_argument
jwt_data = get_jwt_data(token, "access")
File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 44, in get_jwt_data
jwt_data = decode_jwt(
File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 21, in decode_jwt
data = jwt.decode(encoded_token, secret, algorithms=[algorithm])
File "/opt/pattoo-daemon/.python/jwt/api_jwt.py", line 104, in decode
self._validate_claims(payload, merged_options, **kwargs)
File "/opt/pattoo-daemon/.python/jwt/api_jwt.py", line 134, in _validate_claims
self._validate_exp(payload, now, leeway)
File "/opt/pattoo-daemon/.python/jwt/api_jwt.py", line 175, in _validate_exp
raise ExpiredSignatureError('Signature has expired')
jwt.exceptions.ExpiredSignatureError: Signature has expired
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/pattoo-daemon/.python/graphql/execution/executor.py", line 452, in resolve_or_error
return executor.execute(resolve_fn, source, info, **args)
File "/opt/pattoo-daemon/.python/graphql/execution/executors/sync.py", line 16, in execute
return fn(*args, **kwargs)
File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 201, in wrapper
return cls(AuthInfoField(message=str(e)))
TypeError: 'NoneType' object is not callable
Traceback (most recent call last):
File "/opt/pattoo-daemon/.python/graphql/execution/executor.py", line 452, in resolve_or_error
return executor.execute(resolve_fn, source, info, **args)
File "/opt/pattoo-daemon/.python/graphql/execution/executors/sync.py", line 16, in execute
return fn(*args, **kwargs)
File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 201, in wrapper
return cls(AuthInfoField(message=str(e)))
graphql.error.located_error.GraphQLLocatedError: 'NoneType' object is not callable
as same as rscarrera27/Sanic-JWT-Extended#9
Can you please create a video (a tutorial) describing how a layman like me can implement it? The reason I am asking is that I tried to follow the doc, but I was not sure I understood why I was doing what I was doing.
I hope you will take this into consideration.
Thanks a lot for everything.
I have the following authenticate mutation:
    import graphene
    from flask_graphql_auth import create_access_token, create_refresh_token

    # User is the application's own SQLAlchemy model (not shown in the post)
    class AuthMutation(graphene.Mutation):
        access_token = graphene.String()
        refresh_token = graphene.String()

        class Arguments:
            username = graphene.String()
            password = graphene.String()

        def mutate(self, info, username, password):
            # Look the user up by username only; verify_password() checks the password
            user = User.query.filter_by(username=username).first()
            print(user)
            if not user:
                raise Exception('Authentication Failure : User is not registered')
            if not user.verify_password(password):
                raise Exception('Authentication Failure : Incorrect Password')
            return AuthMutation(
                access_token=create_access_token(username),
                refresh_token=create_refresh_token(username)
            )
When the method create_access_token(username) runs, it throws a type error even though the username is a String.
I even tried to run the function in the debug console, create_access_token("random"), but the same TypeError was thrown.
Hello @NovemberOscar ,
This has been a smooth ride doing auth with graphql with this pip.
However, when the flask application restarts, the jwt will no longer be valid.
Is there a way to persist this data into a database?
Let me know.
Thanks,
Mahesh
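On the restart question above, as an added example that is not part of the original post or of the extension's code: an HS256 JWT is validated only from its signature and its `exp` claim, so it keeps verifying across restarts as long as the signing secret stays the same. The sketch assumes, which the post does not confirm, that the secret is regenerated on every start; all names and the secret value are constructed, and the HS256 routines are a standard-library stand-in for PyJWT.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

class TokenError(ValueError):
    """Token is malformed, forged, signed with another key, or expired."""

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64(json.dumps(claims).encode())
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(mac)

def verify_hs256(token: str, secret: bytes, now: float) -> dict:
    try:
        head, body, sig = token.split(".")
        got = _unb64(sig)
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise TokenError("malformed token") from exc
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(got, mac):  # constant-time comparison
        raise TokenError("bad signature")
    if header.get("alg") != "HS256":  # accept only the algorithm we sign with
        raise TokenError("unexpected alg")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise TokenError("expired")
    return claims

def survives_restart(stable_secret: bool) -> bool:
    configured = b"constructed-demo-secret"  # stands in for a key from config
    def boot() -> bytes:  # the signing key the app holds after each start
        return configured if stable_secret else secrets.token_bytes(32)
    now = time.time()
    token = sign_hs256({"identity": "demo-user", "exp": now + 600}, boot())
    try:
        verify_hs256(token, boot(), now)  # second boot() models the restart
        return True
    except TokenError:
        return False
```

With a secret loaded from configuration the token outlives the restart; with a per-start random secret every previously issued token fails signature verification, and no token storage in a database changes that.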
Thanks to everybody who uses this extension.
I'm now focusing on the sanic-jwt-extended project and no longer use GraphQL (no time to track the graphene lib and GraphQL standards), so I can't actively maintain this extension now.
It would be great if someone joined this project as a maintainer. If you want to, mention me in this issue or mail me.
Thanks and sorry.
Seonghyeon Kim
as same as rscarrera27/Sanic-JWT-Extended#8 ...