How to use Graphene GraphQL framework with Django REST Framework authentication

Question

I got some REST API endpoints in Django and I'd like to use the same authentication for Graphene. The documentation does not provide any guidance.

Answer 1

For example, if you are using authentication_classes = (TokenAuthentication,) in your API views, you could add an endpoint to a GraphQLView decorated in this way:

urls.py:

# ...
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.decorators import authentication_classes, permission_classes, api_view

def graphql_token_view():
    view = GraphQLView.as_view(schema=schema)
    view = permission_classes((IsAuthenticated,))(view)
    view = authentication_classes((TokenAuthentication,))(view)
    view = api_view(['GET', 'POST'])(view)
    return view

urlpatterns = [
# ...
    url(r'^graphql_token', graphql_token_view()),
    url(r'^graphql', csrf_exempt(GraphQLView.as_view(schema=schema))),
    url(r'^graphiql', include('django_graphiql.urls')),
# ...

Note that we added a new ^graphql_token endpoint and kept the original ^graphql which is used by the GraphiQL tool.

Then, you should set the Authorization header in your GraphQL client and point to the graphql_token endpoint.

---

UPDATE: See this GitHub issue where people have suggested alternative solutions and full working examples.

Answer 2

Adding some additional steps that I had to take when following this integration:

class RTGraphQLView(GraphQLView):

def parse_body(self, request):
    if type(request) is rest_framework.request.Request:
        return request.data
    return super().parse_body(request)

Graphene was expecting the .body attr but DRF reads it and attaches it to .data before being passed to GraphQLView.