
How to update JWT to include user id or any other custom properties? #86

Closed
chirdeeptomar opened this issue Mar 16, 2019 · 9 comments

Comments

@chirdeeptomar

chirdeeptomar commented Mar 16, 2019

I have a custom user model and I would like to have user_id as a part of jwt token provided from tokenAuth call. I don't think https://django-graphql-jwt.domake.io/en/stable/customizing.html is the right solution and hence would like to customise the token itself.

@Diggitysc

Diggitysc commented Mar 19, 2019

django-graphql-jwt is written on top of pyjwt https://pyjwt.readthedocs.io/en/latest/.

With pyjwt you can construct your own JWT token payload.

example:
import jwt  # PyJWT

encoded_jwt = jwt.encode({'user_id': '1'}, 'secret', algorithm='HS256')

@chirdeeptomar
Author

Yes, I am aware of that, but I am not sure which base classes to override in graphql_jwt to hook in and provide a custom implementation for pyjwt.

@Diggitysc

Did you test the adjusted resolver function here: https://django-graphql-jwt.domake.io/en/stable/customizing.html and verify that it failed with your custom user model?

Stepping back, why are you placing the user_id in the jwt_token?

@chirdeeptomar
Author

Oh, it works, but I would rather have user_id in the token; that's what a signed read-only token is for, to attach user-level attributes to it.

Even if you look at the OpenID protocol, a token should have an attribute called subject (sub), which is the user id of the authenticating user.

@Diggitysc

So is the use case to assign authorization post token authentication, or a matter of preference to align with the OpenID protocol?

@chirdeeptomar
Author

Matter of preference really, as any developer who understands JWT-based authentication would expect subject to be a part of the token... instead of the jwt_graphene way of doing things https://django-graphql-jwt.domake.io/en/stable/customizing.html. In the token I should be able to add information like which Groups they belong to etc.

@Diggitysc

It looks like user is already part of the jwt payload. See: https://github.com/flavors/django-graphql-jwt/blob/master/graphql_jwt/utils.py

Editing jwt_payload would be the place to do any additional custom edits to the jwt itself.

@chirdeeptomar
Author

Brilliant, that's what I was looking for... I will see how that goes. Thanks a lot :)

@chirdeeptomar
Author

Works!

settings.py

GRAPHQL_JWT = {
    'JWT_PAYLOAD_HANDLER': 'common.utils.jwt_payload',
}

utils.py

from calendar import timegm
from datetime import datetime

from graphql_jwt.settings import jwt_settings


def jwt_payload(user, context=None):
    # Same structure as graphql_jwt.utils.jwt_payload, with the user's id added as 'sub'.
    username = user.get_username()
    user_id = str(user.id)

    # get_username() may return a related object for some user models; use its pk.
    if hasattr(username, 'pk'):
        username = username.pk

    payload = {
        user.USERNAME_FIELD: username,
        'sub': user_id,
        'exp': datetime.utcnow() + jwt_settings.JWT_EXPIRATION_DELTA,
    }

    if jwt_settings.JWT_ALLOW_REFRESH:
        payload['origIat'] = timegm(datetime.utcnow().utctimetuple())

    if jwt_settings.JWT_AUDIENCE is not None:
        payload['aud'] = jwt_settings.JWT_AUDIENCE

    if jwt_settings.JWT_ISSUER is not None:
        payload['iss'] = jwt_settings.JWT_ISSUER

    return payload
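The handler above only builds the claims; PyJWT then signs them into an HS256 token. The following is an added, stand-alone example (not the project's code and not the author's): a standard-library re-implementation of that encode/verify step with the same payload shape, showing that the `sub` claim is only read back after the algorithm, signature and expiry checks pass. The secret, the user stub and the time values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time

DEMO_SECRET = b"constructed-demo-secret"  # constructed; Django would use settings.SECRET_KEY

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwt_payload(user, ttl_seconds=300, issuer=None, now=None):
    # Same claim shape as the handler in the thread: username field, sub, exp, origIat, iss.
    now = int(time.time()) if now is None else now
    payload = {
        user.USERNAME_FIELD: user.get_username(),
        "sub": str(user.id),  # the subject claim the thread asks for
        "exp": now + ttl_seconds,
        "origIat": now,
    }
    if issuer is not None:
        payload["iss"] = issuer
    return payload

def issue_token(payload, secret=DEMO_SECRET):
    # HS256 compact JWS: base64url(header).base64url(payload).base64url(HMAC-SHA256).
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_token(token, secret=DEMO_SECRET, now=None):
    # Check alg, signature and expiry before any claim (including sub) is trusted.
    now = int(time.time()) if now is None else now
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token never gets to choose the algorithm
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(body_b64))
    if payload["exp"] <= now:
        raise ValueError("token expired")
    return payload
```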
