rscarrera27 / flask-graphql-auth

(UNMAINTAINED. FEEL FREE TO FORK) 🐍A Pythonic way to provide JWT authentication for Flask-GraphQL

License: MIT License

Python 100.00%
graphql flask-extensions flask-graphql auth jwt extension flask-extension


flask-graphql-auth's Issues

Incorrect example in docs (perhaps)

I've tried to use the example from here, for instance:

{
  protected(message: "hello", token: "my access token")
}

but I've got

{
  "errors": [
    {
      "message": "Field \"protected\" of type \"ProtectedUnion\" must have a sub selection.",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ]
    },
    {
      "message": "Unknown argument \"message\" on field \"protected\" of type \"Query\".",
      "locations": [
        {
          "line": 2,
          "column": 13
        }
      ]
    }
  ]
}

I was able to achieve a working case only with this query:

{
  protected(token: "my access token") {
    ... on MessageField {
      message
    }
  }
}

Also I've managed to make the protected mutation with

mutation {
  protected(token: "my access token") {
    message {
      ... on MessageField {
        message
      }
    }
  }
}

I don’t know what it is connected with, but if it's now the valid way, it should be reflected in docs. Last case especially :)

Problem with array queries

I had a problem while wrapping the following query with @query_jwt_required.

query{
  returnArrayQuery(token: ""){
    ...
  }
}

The error was because GraphQL expects an iterable and the wrapper provides AuthInfoField when there's an error with the JWT. I managed to solve it with the following code.

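from functools import wraps

from flask import current_app
from flask_graphql_auth import AuthInfoField
from flask_graphql_auth.decorators import verify_jwt_in_argument


def query_jwt_required_list(fn):
    @wraps(fn)
    def wrapper(*args, **kwargs):
        # The token argument is removed before the resolver is called
        token = kwargs.pop(current_app.config["JWT_TOKEN_ARGUMENT_NAME"])
        try:
            verify_jwt_in_argument(token)
        except Exception as e:
            # The field type is a list, so the auth error is wrapped in one
            return [AuthInfoField(message=str(e))]  # Returns a list

        return fn(*args, **kwargs)

    return wrapper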

I wonder if there's a native solution without need to modify the source code.

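Failure to handle GraphQLError (GraphQLLocatedError) raised by graphene

I tried to catch it with Flask's app.errorhandler, but that is ignored: a GraphQLLocatedError is raised and the stack trace is printed.

To summarize the analysis so far: Flask-GraphQL receives the GraphQL request and has graphene execute the query. If an Exception occurs at that point, it is wrapped in a GraphQLError and passed along, and the query result containing that Exception raises a GraphQLLocatedError as it passes through several functions. The problem is that these exceptions are not caught, so the stack trace is printed as-is.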

Why include AuthInfoField and not GraphqlError() ?

AuthInfoField makes things complex especially if you use Relay.
A lot of errors of the type : Object doesn't match crop up.

Can the error simply be a graphQLError ?
(from the library graphql.error.base import GraphQLError )

mutation_jwt_required issue: `Nonetype object not callable`

I am having an issue when using the mutation_jwt_required decorator, when taking in the mutate function of graphene.Mutation class as the callback function.

It's possibly something to do with cls being invoked to call AuthInfoField. Could it be the case that this needs to be omitted and be similar to how the query_jwt_required decorator handles an exception?

Traceback (most recent call last):
  File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 199, in wrapper
    verify_jwt_in_argument(token)
  File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 66, in verify_jwt_in_argument
    jwt_data = get_jwt_data(token, "access")
  File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 44, in get_jwt_data
    jwt_data = decode_jwt(
  File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 21, in decode_jwt
    data = jwt.decode(encoded_token, secret, algorithms=[algorithm])
  File "/opt/pattoo-daemon/.python/jwt/api_jwt.py", line 104, in decode
    self._validate_claims(payload, merged_options, **kwargs)
  File "/opt/pattoo-daemon/.python/jwt/api_jwt.py", line 134, in _validate_claims
    self._validate_exp(payload, now, leeway)
  File "/opt/pattoo-daemon/.python/jwt/api_jwt.py", line 175, in _validate_exp
    raise ExpiredSignatureError('Signature has expired')
jwt.exceptions.ExpiredSignatureError: Signature has expired

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/pattoo-daemon/.python/graphql/execution/executor.py", line 452, in resolve_or_error
    return executor.execute(resolve_fn, source, info, **args)
  File "/opt/pattoo-daemon/.python/graphql/execution/executors/sync.py", line 16, in execute
    return fn(*args, **kwargs)
  File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 201, in wrapper
    return cls(AuthInfoField(message=str(e)))
TypeError: 'NoneType' object is not callable
Traceback (most recent call last):
  File "/opt/pattoo-daemon/.python/graphql/execution/executor.py", line 452, in resolve_or_error
    return executor.execute(resolve_fn, source, info, **args)
  File "/opt/pattoo-daemon/.python/graphql/execution/executors/sync.py", line 16, in execute
    return fn(*args, **kwargs)
  File "/opt/pattoo-daemon/.python/flask_graphql_auth/decorators.py", line 201, in wrapper
    return cls(AuthInfoField(message=str(e)))
graphql.error.located_error.GraphQLLocatedError: 'NoneType' object is not callable

'str' object has no attribute 'decode'

When passing a simple string through the create_access_token and create_refresh_token methods, it throws the following error:

image

I've tried passing in encoded data for the identifier, but that is unable to be processed with the following message:

image

A request please

Can you please create a video (a tutorial) describing how a layman like me can implement it? The reason I am asking is that I tried to follow the doc, but I was not sure I was understanding why I was doing what I was doing.

I hope you will take this into consideration.

Thanks a lot for everything.

create_access_token throws TypeError: Expected a string value

I have the following authenticate mutation:

import graphene
from flask_graphql_auth import create_access_token, create_refresh_token

# User is the application's own model (its import is not shown in the post)
class AuthMutation(graphene.Mutation):
    access_token = graphene.String()
    refresh_token = graphene.String()

    class Arguments:
        username = graphene.String()
        password = graphene.String()

    def mutate(self, info, username, password):
        user = User.query.filter_by(username=username, password=password).first()
        print(user)
        if not user:
            raise Exception('Authentication Failure : User is not registered')
        if not user.verify_password(password):
            raise Exception('Authentication Failure : Incorrect Password')
        return AuthMutation(
            access_token=create_access_token(username),
            refresh_token=create_refresh_token(username)
        )

When the method create_access_token(username) runs, it throws a type error even though the username is a String.

I even tried to run the function in the debug console, create_access_token("random"), but the same TypeError was thrown.

Persisting jwt information to database?

Hello @NovemberOscar,

This has been a smooth ride doing auth with graphql with this pip.
However, when the flask application restarts, the jwt will no longer be valid.
Is there a way to persist this data into a database?
Let me know.

Thanks,
Mahesh
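
An added example, not part of the post above and not the project's code: the post does not show its configuration, so this assumes the symptom comes from a signing secret that is regenerated on every process start. It signs and verifies an HS256 token with the standard library and compares a per-process random key with one loaded from a stable source; the environment variable name APP_JWT_SECRET and the sample claims are hypothetical.

```python
import base64, hashlib, hmac, json, os, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT from the given claims."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_mac(secret, header + '.' + body))}"

def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Return the claims, or raise ValueError on a bad signature, alg or expiry."""
    try:
        header, body, sig = token.split(".")
        given = _unb64(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    if not hmac.compare_digest(given, _mac(secret, f"{header}.{body}")):
        raise ValueError("signature mismatch")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def load_secret(env: dict) -> bytes:
    """Stable secret from the environment (hypothetical name APP_JWT_SECRET).
    The random fallback models the assumed failure mode; a deployed app
    should refuse to start without a configured secret instead."""
    value = env.get("APP_JWT_SECRET")
    return value.encode() if value else os.urandom(32)

def survives_restart(env: dict) -> bool:
    """Issue a token in one 'process' and verify it in the next."""
    token = sign_hs256({"identity": "alice", "exp": time.time() + 900}, load_secret(env))
    try:
        verify_hs256(token, load_secret(env))  # second load models the restarted app
        return True
    except ValueError:
        return False
```

With a stable key the token itself carries everything needed for verification, so nothing has to be stored server-side for it to outlive a restart. A database only becomes necessary for revoking tokens before they expire.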

NOTICE: Need maintainers!

Thanks to everybody who uses this extension.

Now I'm focusing on the sanic-jwt-extended project and am not using GraphQL (no time to track the graphene lib and GraphQL standards), so I can't actively maintain this extension now.

It will be great if someone joins this project as a maintainer. If you want to, mention me in this issue or mail me.

Thanks and sorry.
Seonghyeon Kim
