8👍
If you want to restrict a GraphQL API endpoint to Django logged in users, you can do it by extending GraphQLView with LoginRequiredMixin:

```python
from django.contrib.auth.mixins import LoginRequiredMixin
from graphene_django.views import GraphQLView


class PrivateGraphQLView(LoginRequiredMixin, GraphQLView):
    """Adds a login requirement to graphQL API access via main endpoint."""
    pass
```

and then adding this view to your urls.py like

```python
path('api/', PrivateGraphQLView.as_view(schema=schema), name='api')
```

in the usual way as per the docs.
If you don’t want to protect your entire API, you can create another schema and endpoint for the unprotected queries and mutations, which allows a clear separation between each. For example in urls.py:
```python
path('public_api/', GraphQLView.as_view(schema=public_schema), name='public_api')
```
Note that every API endpoint must have at least one query to work or it will cause an assertion error.
1👍
Not sure if it serves your purpose, but I’ve used the following library which used JWT authentication with graphene similar to how JWT with DRF works!
Source:stackexchange.com