New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to update JWT to include user id or any other custom properties? #86
Comments
django-graphql-jwt is written on top of pyjwt https://pyjwt.readthedocs.io/en/latest/. WIth pyjwt you can construct your own jwt token payload. example: |
Yes, I am aware of that but not sure which base classes to override in graphql_jwt to hook into to provide custom implementation for pyjwt. |
Did you test the adjusted resolver function here: https://django-graphql-jwt.domake.io/en/stable/customizing.html and verify that it failed with your custom user model? Stepping back, why are you placing the user_id in the jwt_token? |
Oh it works but I rather have user_id in the token, that's what a signed read-only token is for to attached user level attributes to it. Even if you look at the openid protocol, a token should have an attribute called subject(sub) which is userid of the authenticating user. |
So is the use case to assign authorization post token authentication, or a matter of preference to align with the openid protocol? |
Matter of preference really as any developer who understands JWT based authentication would expect subject to be a part of the token....instead of jwt_graphene way of doing things https://django-graphql-jwt.domake.io/en/stable/customizing.html. In token I should be able to add information like which Groups they belong to etc... |
It looks like user is already part of the jwt payload. See: https://github.com/flavors/django-graphql-jwt/blob/master/graphql_jwt/utils.py Editing jwt_payload would be the place to do any additional custom edits to the jwt itself. |
Brilliant that's what I was looking for...I will see how that goes. Thanks a lot :) |
Works! settings.py
utils.py
|
Bumps [poetry](https://github.com/python-poetry/poetry) from 1.1.8 to 1.1.9. - [Release notes](https://github.com/python-poetry/poetry/releases) - [Changelog](https://github.com/python-poetry/poetry/blob/1.1.9/CHANGELOG.md) - [Commits](python-poetry/poetry@1.1.8...1.1.9) --- updated-dependencies: - dependency-name: poetry dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
I have a custom user model and I would like to have user_id as a part of jwt token provided from tokenAuth call. I don't think https://django-graphql-jwt.domake.io/en/stable/customizing.html is the right solution and hence would like to customise the token itself.
The text was updated successfully, but these errors were encountered: