Is it possible to get the headers from the request?

Hello!

First of all, thank you so much for making Graphene and Graphene Django, they’re incredible.

Currently I’m trying to implement an authentication system, my idea was to return a JWT on a successful login and then send the token in an Authorization header, however, I don’t have any idea on how to access the request headers (or even if it’s possible).

Thank you so much once again 👏

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Reactions: 7
  • Comments: 13 (1 by maintainers)

Top GitHub Comments

55 reactions
abaskov commented, Dec 14, 2017

@Oxyrus you can access the request and its headers by using the context field from the info parameter in your resolve methods:

def resolve_some_field(self, info, **kwargs):
    # info.context is the Django HttpRequest behind this GraphQL call
    auth_header = info.context.META.get('HTTP_AUTHORIZATION')

However, for authentication purposes, you’d have to do that for all of your queries and mutations. Instead of that, you can define a custom view for your /graphql endpoint like this:

from django.http import HttpResponse
from graphene_django.views import GraphQLView

class TokenAuthGraphQLView(GraphQLView):
    def dispatch(self, request, *args, **kwargs):
        # None when the client sent no Authorization header
        auth_header = request.META.get('HTTP_AUTHORIZATION')
        if valid_header(auth_header):
            return super().dispatch(request, *args, **kwargs)
        else:
            return HttpResponse('Authorization Error', status=401)

And use this view in your urls.py. You need to define a valid_header function that will do the actual validation.

Let me know if this helps.
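
One way to write the valid_header function mentioned above, as an added example that is not from the thread or from Graphene: a standard-library check of an `Authorization: Bearer <JWT>` header for HS256 tokens, with the algorithm pinned and the signature compared in constant time. SECRET, make_token and the b64url helpers are assumptions made for this sketch; a production service would normally delegate this to a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key; load it from settings in practice

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding, so restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes = SECRET) -> str:
    """Issue an HS256 token; used here only to construct sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def valid_header(auth_header, key: bytes = SECRET, now=None) -> bool:
    """True only for 'Bearer <token>' with a correctly signed, unexpired HS256 JWT."""
    if not auth_header:  # header absent: request.META.get() returned None
        return False
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer":
        return False
    try:
        header_b64, payload_b64, sig_b64 = token.strip().split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm server-side; the token must not choose it ("alg": "none")
        if header.get("alg") != "HS256":
            return False
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        # Constant-time comparison, done before the claims are trusted
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return False
        exp = json.loads(b64url_decode(payload_b64))["exp"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed token, bad base64/JSON, or missing exp claim
    current = time.time() if now is None else now
    return isinstance(exp, (int, float)) and exp > current
```

Any failure returns False, so the dispatch method above answers 401 for a missing header, a wrong scheme, a forged signature and an expired token alike.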

6 reactions
abaskov commented, Dec 15, 2017

@Oxyrus that’s correct.

In this case, you can implement your own Middleware (http://docs.graphene-python.org/en/latest/execution/middleware/) and have different rules for different fields in your schema.

Another option would be to have two endpoints. One for non-logged users served by GraphQLView with a query containing fields that should be exposed to everyone. And another endpoint served by TokenAuthGraphQLView with queries and mutations available to logged in users. I like it as it makes it easier to distinguish between public and private APIs, but the GraphQL specification recommends having only one endpoint, so it might not follow the specification fully.

The third option would be to authenticate non-logged users as guests and provide access to certain fields based on your authorization rules and framework, but that’s basically the same as having authentication checks in all fields.
