Authentication

Creating the Users app

Quick note: Django already comes with the whole Users concept; you will extend it to accept tokens.

After creating the users app, define its model – the layer between Django and the database.

To reflect these changes in the database, create a migration and run it.

Unfortunately, there’s an issue here: since you initialized Django with its own User model, you need to flush the database.

Creating a User

To create a user, data must be sent to the server through a mutation.

In this mutation, the server will receive a username, password and email, and return the created user's information. Remember that your last mutation – CreateLink – returned its result field by field; now you are returning a full User, from which the client can ask for the fields it wants.

Execute the following code in the GraphiQL interface:

In the response, you can already see the new user. Hurray!

Querying the Users

Before authenticating, let’s create a query for listing all users:

To test it, send a query to the server:

Authenticating a User

In modern web applications – when clients and servers are different applications – authentication generally happens with tokens. The client gets a token during the authentication process and sends it on all subsequent requests. One of the most used methods is JWT.

Unfortunately, neither Django nor Graphene comes with the token approach built in, so you are going to use sessions to accomplish the same task. Sessions are little pieces of information the server can store and retrieve from the client.

But keep in mind this method may not be recommended for production systems! Take a look at JWT if you need to go this way!
