GraphQL · query · ~30 mins

JWT integration in GraphQL - Mini Project: Build & Apply

JWT Integration in GraphQL API
📖 Scenario: You are building a simple GraphQL API that requires user authentication using JWT (JSON Web Tokens). This API will allow users to log in and access protected data only if they provide a valid JWT token.
🎯 Goal: Build a GraphQL API with JWT integration that authenticates users and protects a query so only authenticated users can access it.
📋 What You'll Learn
Create a user data structure with username and password
Add a secret key configuration for signing JWT tokens
Implement a login mutation that returns a JWT token
Protect a query by verifying the JWT token from the request
💡 Why This Matters
🌍 Real World
JWT is widely used to secure APIs by ensuring only authenticated users can access protected resources.
💼 Career
Understanding JWT integration is essential for backend developers working with modern web APIs and authentication systems.
1. DATA SETUP: Create a user data structure
Create a dictionary called users with one user entry: username 'alice' and password 'wonderland'.
Hint: Use a Python dictionary with the username as the key and password as the value.

2. CONFIGURATION: Add a secret key for JWT
Create a variable called SECRET_KEY and set it to the string 'mysecretkey'.
Hint: This key will be used to sign and verify JWT tokens.

3. CORE LOGIC: Implement login mutation to return JWT token
Write a function called login that takes username and password. If the credentials match the users dictionary, return a JWT token signed with SECRET_KEY containing the username. Use the jwt library's encode method with algorithm 'HS256'.
Hint: Use jwt.encode({'username': username}, SECRET_KEY, algorithm='HS256') to create the token.

4. COMPLETION: Protect a query by verifying JWT token
Write a function called get_protected_data that takes a token string. Decode the token using jwt.decode with SECRET_KEY and algorithm 'HS256'. If decoding succeeds, return the string 'Protected data for {username}' where {username} is from the token payload. If decoding fails, return 'Access denied'.
Hint: Use a try-except block to catch invalid tokens and return 'Access denied'.
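
The four steps end to end, as an added example that is not the course's solution: HS256 signing and verification are written out with the standard library instead of the jwt library, so the checks behind encode and decode are visible. The helpers b64url, unb64url, sign, encode_hs256 and decode_hs256, the ttl parameter and the required exp claim are assumptions of this example.

```python
import base64, hashlib, hmac, json, time

users = {"alice": "wonderland"}  # step 1; plaintext only because the exercise says so
SECRET_KEY = "mysecretkey"       # step 2; exercise value, anyone who knows it can mint tokens

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: str) -> str:
    mac = hmac.new(key.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def encode_hs256(payload: dict, key: str) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(payload).encode())
    return f"{header}.{body}.{sign(header + '.' + body, key)}"

def decode_hs256(token: str, key: str) -> dict:
    header, body, sig = token.split(".")  # ValueError unless exactly 3 parts
    # Pin the algorithm: the header is untrusted input, never let it choose.
    if json.loads(unb64url(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Recompute the MAC and compare in constant time.
    if not hmac.compare_digest(sig.encode(), sign(f"{header}.{body}", key).encode()):
        raise ValueError("bad signature")
    payload = json.loads(unb64url(body))
    if time.time() >= payload["exp"]:  # exp is mandatory in this example
        raise ValueError("expired")
    return payload

def login(username, password, ttl=900):  # step 3
    stored = users.get(username)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    return encode_hs256({"username": username, "exp": int(time.time()) + ttl}, SECRET_KEY)

def get_protected_data(token):  # step 4
    try:
        payload = decode_hs256(token, SECRET_KEY)
        return f"Protected data for {payload['username']}"
    except (ValueError, KeyError, TypeError, AttributeError):
        return "Access denied"
```

With PyJWT 2.x, the algorithm pinning done by hand in decode_hs256 corresponds to passing algorithms=['HS256'] to jwt.decode.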