It does not support Django Rest Framework token authentication backend

[mohamedrez]

when I try to access info.context.user it all the time returns anonymous user, my same code works fine with django-graphql-jwt

Debugging gives me this :

-> return self.middleware
(Pdb) self.middleware
[<graphene_django.debug.middleware.DjangoDebugMiddleware object at 0x7fb93ac8d590>]
(Pdb)

Means that no auth middleware has been set to the graphql view

[vinayan3]

To support DRF Token Authentication Backend I wrote a class which derives from GraphQLVIew.

from django.http import HttpResponse
from graphene_django.views import GraphQLView
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from rest_framework.exceptions import AuthenticationFailed
from rest_framework.permissions import IsAuthenticated
from rest_framework import status

class AuthenticatedGraphQLView(GraphQLView):
  authentication_classes = [TokenAuthentication]
  permission_classes = [IsAuthenticated]

  def authenticate_request(self, request):
    for auth_class in self.authentication_classes:
      auth_tuple = auth_class().authenticate(request)
      if auth_tuple:
        request.user, request.token = auth_tuple
        break

  def check_permissions(self, request):
    for permission_class in self.permission_classes:
      if not permission_class().has_permission(request, self):
        return False
    return True

  @method_decorator(csrf_exempt)
  def dispatch(self, request, *args, **kwargs):
    try:
      self.authenticate_request(request)
      has_permission = self.check_permissions(request)
      if not has_permission:
        return HttpResponse(
            json.dumps({'errors': ['permission denied']}),
            status=status.HTTP_403_FORBIDDEN,
            content_type='application/json')
    except AuthenticationFailed as auth_failed_error:
      return HttpResponse(
          json.dumps({
            'errors': [str(auth_failed_error)]
          }),
          status=status.HTTP_401_UNAUTHORIZED,
          content_type='application/json')
    return super(AuthenticatedGraphQLView, self).dispatch(request, *args, **kwargs)

(edit) added the imports

[mohamedrez]

Thanks for the code you shared.

In my opinion, we should have a setting like :

GRAPHENE = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'profile.authentications.SomeAuthenticationClass',
    ),
}

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[danielmcquillen]

@vinayan3 Thanks for posting your code!

Question...did you ever try adding SessionAuthentication to your authentication_classes ?

Doing so is helpful if you want logged in users to be able to access the GraphiQL UI. However, when I tried adjusting the code you posted like so:

authentication_classes = [TokenAuthentication, SessionAuthentication]

It fails when DRF tries looking for request._request as part of the sessions auth check.

'WSGIRequest' object has no attribute '_request'

Curious if anyone else has attempted to use DRF token authentication and session authentication such that the GraphiQL UI is available to logged in users.

[lovetoburnswhen]

bump, I've resorted to a separate view for a DRF REST endpoint and another for graphiql