Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

All requests are always authenticated

See original GitHub issue

I’m not sure if I am missing out something, I have checked thoroughly that I have added the MIDDLEWARE and AUTHENTICATION_BACKENDS correctly. I am using the @login_required decorator to protect a query that responds with user information if successful.

However, when I use the GraphQL interactive window to send an unauthenticated query, it responds back with a users info(superuser created using the model managers createsuperuser function). The interactive window has no provision to include the Authorization header, therefore this query should not resolve in the first place.

Below are some of my code snippets:

class UserType(DjangoObjectType):
    class Meta:
        model = get_user_model()

class Query(graphene.ObjectType):
    me = graphene.Field(UserType)

    @login_required
    def resolve_me(self, info, **kwargs):
        return info.context.user

Issue Analytics

State:
Created 4 years ago
Comments:6

Top GitHub Comments

2reactions

GalaxyZpjcommented, May 21, 2020

Make sure you are logged out of admin.

1reaction

nrgxcommented, Mar 23, 2020

I’ve just setup backend, and didn’t prepared frontend. But yes, I will use localStorage.

On Mon, Mar 23, 2020, 8:20 AM assman notifications@github.com wrote:

@nrgx https://github.com/nrgx thank you for sharing 😃

This is kind of unrelated to the issue, can I check with you, where do you store the token on the client side? i.e localStorage or cookies?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/flavors/django-graphql-jwt/issues/180#issuecomment-602326961, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEKNYTFDCVS4MUV4AW3TDHTRI3BP5ANCNFSM4LGKNYSQ .

Top Results From Across the Web

spring security is authenticating all requests even though they ...

In case of public requests(the ones that are permitted and not to be authenticated), the JWTAuthenticationFilter will still be called, however, ...

Authenticating Requests (AWS Signature Version 4)

Every interaction with Amazon S3 is either authenticated or anonymous. This section explains request authentication with the AWS Signature Version 4 ...

[Feature Request] Define authentication setting on ... - GitHub

I now have to set the authentication settings on each request. But, because it's the same API, the settings are always the same....

What is Authentication? - TechTarget

The authentication process always comes before the authorization process. ... end-user application; that token is appended to every request from the client.

WWW-Authenticate - HTTP - MDN Web Docs

A server using HTTP authentication will respond with a 401 Unauthorized response to a request for a protected resource.