HTTP only cookie

[ChuksGrinage]

I'm new to python so bare with me: I'm trying to set http-only cookie with ariadne. I'm currently using django, with ariadne-jwt for my authentication but unlike graphene there doesnt seem to be a package or any example online of someone implementing a http-only cookie. I was wondering if anyone has any tips or examples or perhaps a simple middleware that would automatically set cookies for my frontend.

I'm basing my authentication on this: https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/#refresh_token

[fdemian]

Hi, I'm having the same problem. Has anyone figured out how to do this?

[fdemian]

@Chuks1993 don't know if this helps, but I ended up solving this by having separate routes from login and logout methods.
Here's what the code looks like:

@app.route('/logout', methods=['POST'])
def logout_route():
    return logout_method()

@app.route('/login', methods=['POST'])
def login_route():
    jsonreq = request.get_json(force=True)
    return login_method(jsonreq['username'], jsonreq['password'])

@app.route("/graphql", methods=["POST"])
def graphql_server():
   if request.content_type.startswith("multipart/form-data"):
      data = combine_multipart_data(
         json.loads(request.form.get("operations")),
         json.loads(request.form.get("map")),
         dict(request.files)
      )
   else:
       data = request.get_json()

   success, result = graphql_sync(
          graphl_schema,
          data,
          context_value=request,
          debug=app.debug
       )

   status_code = 200 if success else 400
   return jsonify(result), status_code

And here is the login method.

from flask import make_response, jsonify

def login_method(username, password):
    """
     ....
    """
    settings = "....."
   # Try to authenticate user.
    user = authenticate_user(username, password, settings)
    expiration_time = settings['jwt']["expiration"]

    if user is not None:
        jwt_token = get_user_token(user, settings, expiration_time)

        response = {
          'token': jwt_token,
          'user': user
        }

        token_header = "access_token=" + jwt_token

        res = make_response(jsonify(
            ok = True,
            ttl = expiration_time,
            id = user['id'])
        )

        res.set_cookie(
           "Set-Cookie",
           value=token_header,
           httponly=True,
           secure=False
        )

        return res

    else:
        return {
          "ok": False,
          "id": None
        }

For the record:

A) I'm using the SQLAlchemy flask backend.
B) I omitted some of the methods and variables used because they were not relevant.