API


Query

GraphQL Auth provides the UserQuery to query users with some useful filters.

GraphQL Auth also provides the MeQuery to retrieve data for the currently authenticated user.

UserQuery

from graphql_auth.schema import UserQuery

The easiest way to explore it is by using graphiQL.

Examples from the quickstart:

query {
  users {
    edges {
      node {
        username,
        archived,
        verified,
        email,
        secondaryEmail,
      }
    }
  }
}
{
  "data": {
    "users": {
      "edges": [
        {
          "node": {
            "username": "user1",
            "archived": false,
            "verified": false,
            "email": "user1@email.com",
            "secondaryEmail": null
          }
        },
        {
          "node": {
            "username": "user2",
            "archived": false,
            "verified": true,
            "email": "user2@email.com",
            "secondaryEmail": null
          }
        },
        {
          "node": {
            "username": "user3",
            "archived": true,
            "verified": true,
            "email": "user3@email.com",
            "secondaryEmail": null
          }
        },
        {
          "node": {
            "username": "user4",
            "archived": false,
            "verified": true,
            "email": "user4@email.com",
            "secondaryEmail": "user4_secondary@email.com"
          }
        }
      ]
    }
  }
}
query {
  users (last: 1){
    edges {
      node {
        id,
        username,
        email,
        isActive,
        archived,
        verified,
        secondaryEmail
      }
    }
  }
}
{
  "data": {
    "users": {
      "edges": [
        {
          "node": {
            "id": "VXNlck5vZGU6NQ==",
            "username": "new_user",
            "email": "new_user@email.com",
            "isActive": true,
            "archived": false,
            "verified": false,
            "secondaryEmail": null
          }
        }
      ]
    }
  }
}
query {
  user (id: "VXNlck5vZGU6NQ=="){
    username,
    verified
  }
}
{
  "data": {
    "user": {
      "username": "new_user",
      "verified": true
    }
  }
}

MeQuery

from graphql_auth.schema import MeQuery

Since this query requires an authenticated user it can be explored by using the insomnia API client. See the quickstart for more on how to use Insomnia.

Example from the quickstart:

query {
  me {
    username,
    verified
  }
}
{
  "data": {
    "user": {
      "username": "new_user",
      "verified": true
    }
  }
}

Mutations

All mutations can be imported like this:

from graphql_auth import mutations

# on your mutations
register = mutations.Register
from graphql_auth import relay

# on your mutations
register = use relay.Register

Standard response

All mutations return a standard response containing errors and success.

  • Example:
mutation {
  register(
    email: "new_user@email.com",
    username: "new_user",
    password1: "123456",
    password2: "123456",
  ) {
    success,
    errors,
    token,
    refreshToken
  }
}
{
  "data": {
    "register": {
      "success": false,
      "errors": {
        "password2": [
          {
            "message": "This password is too short. It must contain at least 8 characters.",
            "code": "password_too_short"
          },
          {
            "message": "This password is too common.",
            "code": "password_too_common"
          },
          {
            "message": "This password is entirely numeric.",
            "code": "password_entirely_numeric"
          }
        ]
      },
      "token": null
      "refreshToken": null
    }
  }
}
mutation {
  register(
    input: {
      email: "new_user@email.com",
      username: "new_user",
      password1: "123456",
      password2: "123456",
    }
  ) {
    success,
    errors,
    token,
    refreshToken
  }
}

Public

Public mutations don't require user to be logged in. You should add all of them in GRAPHQL_JWT["JWT_ALLOW_ANY_CLASSES"] setting.


ObtainJSONWebToken

Obtain JSON web token for given user.

Allow to perform login with different fields, and secondary email if set. The fields are defined on settings.

Not verified users can login by default. This can be changes on settings.

If user is archived, make it unarchive and return unarchiving=True on output.

mutation {
  tokenAuth(
    # username or email
    email: "skywalker@email.com"
    password: "123456super"
  ) {
    success,
    errors,
    token,
    refreshToken,
    unarchiving,
    user {
      id,
      username
    }
  }
}
{
  "data": {
    "tokenAuth": {
      "success": true,
      "errors": null,
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImV4cCI6MTU3OTQ1ODI2Niwib3JpZ0lhdCI6MTU3OTQ1Nzk2Nn0.BKz4ohxQCGtJWnyd5tIbYFD2kpGYDiAVzWTDO2ZyUYY",
      "refreshToken": "5f5fad67cd043437952ddde2750be20201f1017b",
      "unarchiving": false,
      "user": {
        "id": "VXNlck5vZGU6MQ==",
        "username": "skywalker"
      }
    }
  }
}
mutation {
  tokenAuth(
    input: {
      email: "skywalker@email.com"
      password: "123456super"
    }
  ) {
    success,
    errors,
    token,
    refreshToken,
    user {
      id,
      username
    }
  }
}
{
  "data": {
    "tokenAuth": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Please, enter valid credentials.",
            "code": "invalid_credentials"
          }
        ]
      },
      "token": null,
      "refreshToken": null,
      "unarchiving": false,
      "user": null
    }
  }
}

PasswordSet

Set user password - for passwordless registration

Receive the token that was sent by email.

If token and new passwords are valid, set user password and in case of using refresh tokens, revoke all of them.

Also, if user has not been verified yet, verify it.

mutation {
  passwordSet(
    token: "1eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImFjdGlvbiI6InBhc3N3b3JkX3Jlc2V0In0:1itExL:op0roJi-ZbO9cszNEQMs5mX3c6s",
    newPassword1: "supersecretpassword",
    newPassword2: "supersecretpassword"
  ) {
    success,
    errors
  }
}
{
  "data": {
    "passwordSet": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  passwordSet(
    input: {
      token: "1eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImFjdGlvbiI6InBhc3N3b3JkX3Jlc2V0In0:1itExL:op0roJi-ZbO9cszNEQMs5mX3c6s",
      newPassword1: "supersecretpassword",
      newPassword2: "supersecretpassword"
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "passwordSet": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Invalid token.",
            "code": "invalid_token"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "passwordSet": {
      "success": false,
      "errors": {
        "newPassword2": [
          {
            "message": "The two password fields didn’t match.",
            "code": "password_mismatch"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "passwordSet": {
      "success": false,
      "errors": {
        "newPassword2": [
          {
            "message": "This password is too short. It must contain at least 8 characters.",
            "code": "password_too_short"
          },
          {
            "message": "This password is too common.",
            "code": "password_too_common"
          },
          {
            "message": "This password is entirely numeric.",
            "code": "password_entirely_numeric"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "passwordSet": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Password already set for account.",
            "code": "password_already_set"
          }
        ]
      }
    }
  }
}

PasswordReset

Change user password without old password.

Receive the token that was sent by email.

If token and new passwords are valid, update user password and in case of using refresh tokens, revoke all of them.

Also, if user has not been verified yet, verify it.

mutation {
  passwordReset(
    token: "1eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImFjdGlvbiI6InBhc3N3b3JkX3Jlc2V0In0:1itExL:op0roJi-ZbO9cszNEQMs5mX3c6s",
    newPassword1: "supersecretpassword",
    newPassword2: "supersecretpassword"
  ) {
    success,
    errors
  }
}
{
  "data": {
    "passwordReset": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  passwordReset(
    input: {
      token: "1eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImFjdGlvbiI6InBhc3N3b3JkX3Jlc2V0In0:1itExL:op0roJi-ZbO9cszNEQMs5mX3c6s",
      newPassword1: "supersecretpassword",
      newPassword2: "supersecretpassword"
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "passwordReset": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Invalid token.",
            "code": "invalid_token"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "passwordReset": {
      "success": false,
      "errors": {
        "newPassword2": [
          {
            "message": "The two password fields didn’t match.",
            "code": "password_mismatch"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "passwordReset": {
      "success": false,
      "errors": {
        "newPassword2": [
          {
            "message": "This password is too short. It must contain at least 8 characters.",
            "code": "password_too_short"
          },
          {
            "message": "This password is too common.",
            "code": "password_too_common"
          },
          {
            "message": "This password is entirely numeric.",
            "code": "password_entirely_numeric"
          }
        ]
      }
    }
  }
}

RefreshToken

Same as grapgql_jwt implementation, with standard output.

mutation {
  refreshToken(
    refreshToken: "d9b58dce41cf14549030873e3fab3be864f76ce44"
  ) {
    success,
    errors,
    payload,
    refreshExpiresIn,
    token,
    refreshToken
  }
}
{
  "data": {
    "refreshToken": {
      "success": true,
      "errors": null,
      "payload": {
        "username": "skywalker",
        "exp": 1601646082,
        "origIat": 1601645782
      },
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImV4cCI6MTYwMTY0NjA4Miwib3JpZ0lhdCI6MTYwMTY0NTc4Mn0.H6gLeky7lX834kBI5RFT8ziNNfGOL3XXg1dRwvpQuRI",
      "refreshToken": "a64f732b4e00432f2ff1b47537a11458be13fc82",
      "refreshExpiresIn": 1602250582
    }
  }
}
mutation {
  refreshToken(
    input: {
      refreshToken: "d9b58dce41cf14549030873e3fab3be864f76ce44"
    }
  ) {
    success,
    errors,
    payload,
    refreshExpiresIn,
    token,
    refreshToken
  }
}
{
  "data": {
    "refreshToken": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Invalid token.",
            "code": "invalid_token"
          }
        ]
      }
    }
  }
}

Register

Register user with fields defined in the settings.

If the email field of the user model is part of the registration fields (default), check if there is no user with that email or as a secondary email.

If it exists, it does not register the user, even if the email field is not defined as unique (default of the default django user model).

When creating the user, it also creates a UserStatus related to that user, making it possible to track if the user is archived, verified and has a secondary email.

Send account verification email.

If allowed to not verified users login, return token.

mutation {
  register(
    email:"skywalker@email.com",
    username:"skywalker",
    password1: "qlr4nq3f3",
    password2:"qlr4nq3f3"
  ) {
    success,
    errors,
    token,
    refreshToken
  }
}
{
  "data": {
    "register": {
      "success": true,
      "errors": null,
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImpvZWpvZSIsImV4cCI6MTU4MDE0MjE0MCwib3JpZ0lhdCI6MTU4MDE0MTg0MH0.BGUSGKUUd7IuHnWKy8V6MU3slJ-DHsyAdAjGrGb_9fw",
      "refreshToken": "d9b58dce41cf14549030873e3fab3be864f76ce44"
    }
  }
}
mutation {
  register(
    input: {
      email:"skywalker@email.com",
      username:"skywalker",
      password1: "qlr4nq3f3",
      password2:"qlr4nq3f3"
    }
  ) {
    success,
    errors,
    token,
    refreshToken
  }
}
{
  "data": {
    "register": {
      "success": false,
      "errors": {
        "username": [
          {
            "message": "A user with that username already exists.",
            "code": "unique"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}
{
  "data": {
    "register": {
      "success": false,
      "errors": {
        "password2": [
          {
            "message": "The two password fields didn’t match.",
            "code": "password_mismatch"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}
{
  "data": {
    "register": {
      "success": false,
      "errors": {
        "password2": [
          {
            "message": "This password is too short. It must contain at least 8 characters.",
            "code": "password_too_short"
          },
          {
            "message": "This password is too common.",
            "code": "password_too_common"
          },
          {
            "message": "This password is entirely numeric.",
            "code": "password_entirely_numeric"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}
{
  "data": {
    "register": {
      "success": false,
      "errors": {
        "email": [
          {
            "message": "Enter a valid email address.",
            "code": "invalid"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}

ResendActivationEmail

Sends activation email.

It is called resend because theoretically the first activation email was sent when the user registered.

If there is no user with the requested email, a successful response is returned.

mutation {
  resendActivationEmail(
    email:"skywalker@email.com",
  ) {
    success,
    errors

  }
}
{
  "data": {
    "register": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  resendActivationEmail(
    input: {
      email:"skywalker@email.com",
    }
  ) {
    success,
    errors

  }
}
{
  "data": {
    "resendActivationEmail": {
      "success": false,
      "errors": {
        "email": [
          [
            {
              "message": "Account already verified.",
              "code": "already_verified"
            }
          ]
        ]
      }
    }
  }
}
{
  "data": {
    "resendActivationEmail": {
      "success": false,
      "errors": {
        "email": [
          {
            "message": "Enter a valid email address.",
            "code": "invalid"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "resendActivationEmail": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
            {
              "message": "Failed to send email.",
              "code": "email_fail"
            }
        ]
      }
    }
  }
}

RevokeToken

Same as grapgql_jwt implementation, with standard output.

mutation {
  revokeToken(
    refreshToken: "a64f732b4e00432f2ff1b47537a11458be13fc82"
  ) {
    success,
    errors
  }
}
{
  "data": {
    "revokeToken": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  revokeToken(
    input: {
      refreshToken: "a64f732b4e00432f2ff1b47537a11458be13fc82"
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "revokeToken": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Invalid token.",
            "code": "invalid_token"
          }
        ]
      }
    }
  }
}

SendPasswordResetEmail

Send password reset email.

For non verified users, send an activation email instead.

Accepts both primary and secondary email.

If there is no user with the requested email, a successful response is returned.

mutation {
  sendPasswordResetEmail(
    email: "skywalker@email.com"
  ) {
    success,
    errors
  }
}
{
  "data": {
    "register": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  sendPasswordResetEmail(
    input: {
      email: "skywalker@email.com"
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "sendPasswordResetEmail": {
      "success": false,
      "errors": {
        "email": [
          {
            "message": "Enter a valid email address.",
            "code": "invalid"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "sendPasswordResetEmail": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
            {
              "message": "Failed to send email.",
              "code": "email_fail"
            }
        ]
      }
    }
  }
}
{
  "data": {
    "sendPasswordResetEmail": {
      "success": false,
      "errors": {
        "email": [
          {
            "message": "Verify your account. A new verification email was sent.",
            "code": "not_verified"
          }
        ]
      }
    }
  }
}

VerifyAccount

Verify user account.

Receive the token that was sent by email. If the token is valid, make the user verified by making the user.status.verified field true.

mutation {
  verifyAccount(
    token:"eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImFjdGlvbiI6ImFjdGl2YXRpb24ifQ:1itC5A:vJhRJwBcrNxvmEKxHrZa6Yoqw5Q",
  ) {
    success, errors
  }
}
{
  "data": {
    "verifyAccount": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  verifyAccount(
    input: {
      token:"eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImFjdGlvbiI6ImFjdGl2YXRpb24ifQ:1itC5A:vJhRJwBcrNxvmEKxHrZa6Yoqw5Q",
    }
  ) {
    success, errors
  }
}
{
  "data": {
    "verifyAccount": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Invalid token.",
            "code": "invalid_token"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "verifyAccount": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Account already verified.",
            "code": "already_verified"
          }
        ]
      }
    }
  }
}

VerifySecondaryEmail

Verify user secondary email.

Receive the token that was sent by email. User is already verified when using this mutation.

If the token is valid, add the secondary email to user.status.secondary_email field.

Note that until the secondary email is verified, it has not been saved anywhere beyond the token, so it can still be used to create a new account. After being verified, it will no longer be available.

mutation {
  verifySecondaryEmail(
    token: "eyJ1c2VybmFtZSI6Im5ld191c2VyMSIsImFjdGlvbiI6ImFjdGl2YXRpb25fc2Vjb25kYXJ5X2VtYWlsIiwic2Vjb25kYXJ5X2VtYWlsIjoibXlfc2Vjb25kYXJ5X2VtYWlsQGVtYWlsLmNvbSJ9:1ivhfJ:CYZswRKV3avWA8cb41KqZ1-zdVo"
    ) {
    success, errors
  }
}
{
  "data": {
    "verifySecondaryEmail": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  verifySecondaryEmail(
    input: {
      token: "eyJ1c2VybmFtZSI6Im5ld191c2VyMSIsImFjdGlvbiI6ImFjdGl2YXRpb25fc2Vjb25kYXJ5X2VtYWlsIiwic2Vjb25kYXJ5X2VtYWlsIjoibXlfc2Vjb25kYXJ5X2VtYWlsQGVtYWlsLmNvbSJ9:1ivhfJ:CYZswRKV3avWA8cb41KqZ1-zdVo"
    }
  ) {
    success, errors
  }
}
{
  "data": {
    "verifySecondaryEmail": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Invalid token.",
            "code": "invalid_token"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "verifySecondaryEmail": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Expired token.",
            "code": "expired_token"
          }
        ]
      }
    }
  }
}

VerifyToken

Same as grapgql_jwt implementation, with standard output.

mutation {
  verifyToken(
    token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImV4cCI6MTU3OTQ1ODY3Miwib3JpZ0lhdCI6MTU3OTQ1ODM3Mn0.rrB4sMA-v7asrr8Z2ru69U1x-d98DuEJVBnG2F1C1S0"
  ) {
    success,
    errors,
    payload
  }
}
{
  "data": {
    "verifyToken": {
      "success": true,
      "errors": null,
      "payload": {
        "username": "skywalker",
        "exp": 1579458672,
        "origIat": 1579458372
      }
    }
  }
}
mutation {
  verifyToken(
    input:
      token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InNreXdhbGtlciIsImV4cCI6MTU3OTQ1ODY3Miwib3JpZ0lhdCI6MTU3OTQ1ODM3Mn0.rrB4sMA-v7asrr8Z2ru69U1x-d98DuEJVBnG2F1C1S0"
    }
  ) {
    success,
    errors,
    payload
  }
}
{
  "data": {
    "verifyToken": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Invalid token.",
            "code": "invalid_token"
          }
        ]
      },
      "payload": null
    }
  }
}
{
  "data": {
    "verifyToken": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Expired token.",
            "code": "expired_token"
          }
        ]
      }
    }
  }
}

Protected

Protected mutations require the http Authorization header.

If you send a request without the http Authorization header, or a bad token:

  • If using graphql_jwt.backends.JSONWebTokenBackend, it will raise.
  • If using graphql_auth.backends.GraphQLAuthBackend, it will return a standard response, with success=False and errors.

As explained on the installation guide


ArchiveAccount

Archive account and revoke refresh tokens.

User must be verified and confirm password.

mutation {
  archiveAccount(
    password: "supersecretpassword",
  ) {
    success,
    errors
  }
}
{
  "data": {
    "register": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  archiveAccount(
    input: {
      password: "supersecretpassword",
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "archiveAccount": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Unauthenticated.",
            "code": "unauthenticated"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "archiveAccount": {
      "success": false,
      "errors": {
        "password": [
          {
            "message": "Invalid password.",
            "code": "invalid_password"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "archiveAccount": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Please verify your account."
            "code": "not_verified"
          }
        ]
      }
    }
  }
}

DeleteAccount

Delete account permanently or make user.is_active=False.

The behavior is defined on settings. Anyway user refresh tokens are revoked.

User must be verified and confirm password.

mutation {
  deleteAccount(
    password: "supersecretpassword",
  ) {
    success,
    errors
  }
}
{
  "data": {
    "deleteAccount": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  deleteAccount(
    input: {
      password: "supersecretpassword",
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "deleteAccount": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Unauthenticated.",
            "code": "unauthenticated"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "deleteAccount": {
      "success": false,
      "errors": {
        "password": [
          {
            "message": "Invalid password.",
            "code": "invalid_password"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "deleteAccount": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Please verify your account."
            "code": "not_verified"
          }
        ]
      }
    }
  }
}

PasswordChange

Change account password when user knows the old password.

A new token and refresh token are sent. User must be verified.

mutation {
 passwordChange(
    oldPassword: "supersecretpassword",
    newPassword1: "123456super",
     newPassword2: "123456super"
  ) {
    success,
    errors,
    token,
    refreshToken
  }
}
{
  "data": {
    "passwordChange": {
      "success": true,
      "errors": null,
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImpvZWpvZSIsImV4cCI6MTU4MDE0MjE0MCwib3JpZ0lhdCI6MTU4MDE0MTg0MH0.BGUSGKUUd7IuHnWKy8V6MU3slJ-DHsyAdAjGrGb_9fw",
      "refreshToken": "67eb63ba9d279876d3e9ae4d39c311e845e728fc"
    }
  }
}
mutation {
 passwordChange(
   input: {
      oldPassword: "supersecretpassword",
      newPassword1: "123456super",
       newPassword2: "123456super"
    }
  ) {
    success,
    errors,
    token,
    refreshToken
  }
}
{
  "data": {
    "passwordChange": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Unauthenticated.",
            "code": "unauthenticated"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}
{
  "data": {
    "passwordChange": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Please verify your account."
            "code": "not_verified"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}
{
  "data": {
    "passwordChange": {
      "success": false,
      "errors": {
        "newPassword2": [
          {
            "message": "This password is too short. It must contain at least 8 characters.",
            "code": "password_too_short"
          },
          {
            "message": "This password is too common.",
            "code": "password_too_common"
          },
          {
            "message": "This password is entirely numeric.",
            "code": "password_entirely_numeric"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}
{
  "data": {
    "passwordChange": {
      "success": false,
      "errors": {
        "newPassword2": [
          {
            "message": "The two password fields didn’t match.",
            "code": "password_mismatch"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}
{
  "data": {
    "passwordChange": {
      "success": false,
      "errors": {
        "oldPassword": [
          {
            "message": "Invalid password.",
            "code": "invalid_password"
          }
        ]
      },
      "token": null,
      "refreshToken": null
    }
  }
}

RemoveSecondaryEmail

Remove user secondary email.

Require password confirmation.

mutation {
  removeSecondaryEmail(
    password: "supersecretpassword"
  ) {
    success,
    errors
  }
}
{
  "data": {
    "removeSecondaryEmail": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  removeSecondaryEmail(
    input: {
      password: "supersecretpassword"
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "removeSecondaryEmail": {
      "success": false,
      "errors": {
        "password": [
          {
            "message": "Invalid password.",
            "code": "invalid_password"
          }
        ]
      }
    }
  }
}

SendSecondaryEmailActivation

Send activation to secondary email.

User must be verified and confirm password.

mutation {
  sendSecondaryEmailActivation(
    email: "my_secondary_email@email.com"
    password: "supersecretpassword",
  ) {
    success,
    errors
  }
}
{
  "data": {
    "sendSecondaryEmailActivation": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  sendSecondaryEmailActivation(
    input: {
      email: "my_secondary_email@email.com"
      password: "supersecretpassword",
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "sendSecondaryEmailActivation": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Unauthenticated.",
            "code": "unauthenticated"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "sendSecondaryEmailActivation": {
      "success": false,
      "errors": {
        "email": [
          {
            "message": "Enter a valid email address.",
            "code": "invalid"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "sendSecondaryEmailActivation": {
      "success": false,
      "errors": {
        "password": [
          {
            "message": "Invalid password.",
            "code": "invalid_password"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "sendSecondaryEmailActivation": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Please verify your account."
            "code": "not_verified"
          }
        ]
      }
    }
  }
}

SwapEmails

Swap between primary and secondary emails.

Require password confirmation.

mutation {
  swapEmails(
    password: "supersecretpassword"
  ) {
    success,
    errors
  }
}
{
  "data": {
    "swapEmails": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  swapEmails(
    input: {
      password: "supersecretpassword"
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "swapEmails": {
      "success": false,
      "errors": {
        "password": [
          {
            "message": "Invalid password.",
            "code": "invalid_password"
          }
        ]
      }
    }
  }
}

UpdateAccount

Update user model fields, defined on settings.

User must be verified.

mutation {
  updateAccount(
    firstName: "Luke"
  ) {
    success,
    errors
  }
}
{
  "data": {
    "updateAccount": {
      "success": true,
      "errors": null
    }
  }
}
mutation {
  updateAccount(
    input: {
      firstName: "Luke"
    }
  ) {
    success,
    errors
  }
}
{
  "data": {
    "updateAccount": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Unauthenticated.",
            "code": "unauthenticated"
          }
        ]
      }
    }
  }
}
{
  "data": {
    "updateAccount": {
      "success": false,
      "errors": {
        "nonFieldErrors": [
          {
            "message": "Please verify your account."
            "code": "not_verified"
          }
        ]
      }
    }
  }
}