Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Authorization with HTTP header not working

See original GitHub issue

Problem:

I have a JWT token provided and verifyToken mutation is working properly with provided token BUT when I set the Authorization header as “JWT <token>” it raises error with message “You do not have permission to perform this action.” (I have used login_required decorator in a mutation. I also use Postman for quering.) (I can make query from browser when I am logged in to admin panel.)

setting.py:

MIDDLEWARE = [
    ...
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    ...
]

GRAPHENE = {
    "SCHEMA": "home.schema.schema",
    "MIDDLEWARE": [
        "graphql_jwt.middleware.JSONWebTokenMiddleware",
    ],
}

AUTHENTICATION_BACKENDS = [
    "graphql_jwt.backends.JSONWebTokenBackend",
    "django.contrib.auth.backends.ModelBackend",
]

GRAPHQL_JWT = {
    "JWT_PAYLOAD_HANDLER": 'account.utils.jwt_payload',
}

Issue Analytics

State:
Created 2 years ago
Comments:7

Top GitHub Comments

6reactions

sandnimacommented, Oct 24, 2021

Encountering the same problem have tried using both postman and Insomnia. It doesn’t matter if I use the decorator or this:
user = info.context.user

  if not user.is_authenticated:
      raise Exception("Authentication credentials were not provided")

It’s because of middleware do this:

Comment out middleware from Graphene setting in your setting.py:

GRAPHENE = {
    "SCHEMA": "home.schema.schema",
    # "MIDDLEWARE": (
    #      "graphql_jwt.middleware.JSONWebTokenMiddleware",
    # ),
}

Import and add middleware in your urls.py file:

from graphql_jwt.middleware import JSONWebTokenMiddleware


urlpatterns = [
    ...
    path("graphql",
         csrf_exempt(
            GraphQLView.as_view(graphiql=True, middleware=[JSONWebTokenMiddleware])
         )
    ),
    ...
]

0reactions

juanjcardona13commented, Nov 15, 2021

Didn’t work for me. Can someone help please?

Top Results From Across the Web

HTTP Authorization header not working - Stack Overflow

HTTP Authorization header not working · I think, EnableCors in the api part need to check @roopteja. – Saravanakumar Natarajan · 1 ·...

Authorization - HTTP - MDN Web Docs - Mozilla

The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a ......

API Authorization: header not working · Issue #4243 - GitHub

Using the /api/swagger web UI, hit the 'Authorize' button and put your token into the AuthorizationHeaderToken value field. · Create a new issue ......

Question: Https client authorization header not set when using ...

Hi, Hi, Can't get the http client to interpret replacement variables for http headers. I use dynamic document properties to set replacement variables....

Auth token is not passing through header - the Tyk community

Maybe you can try to change the Authorization header name for one of the Auth types in tyk. I faced a similar issue...