I got some REST API endpoints in Django and I'd like to use the same authentication for Graphene. The documentation does not provide any guidance.

For example, if you are using authentication_classes = (TokenAuthentication,) in your API views, you could add an endpoint to a GraphQLView decorated in this way:

urls.py:

# ...
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.decorators import authentication_classes, permission_classes, api_view

def graphql_token_view():
    view = GraphQLView.as_view(schema=schema)
    view = permission_classes((IsAuthenticated,))(view)
    view = authentication_classes((TokenAuthentication,))(view)
    view = api_view(['GET', 'POST'])(view)
    return view

urlpatterns = [
# ...
    url(r'^graphql_token', graphql_token_view()),
    url(r'^graphql', csrf_exempt(GraphQLView.as_view(schema=schema))),
    url(r'^graphiql', include('django_graphiql.urls')),
# ...

Note that we added a new ^graphql_token endpoint and kept the original ^graphql which is used by the GraphiQL tool.

Then, you should set the Authorization header in your GraphQL client and point to the graphql_token endpoint.

UPDATE: See this GitHub issue where people have suggested alternative solutions and full working examples.

Adding some additional steps that I had to take when following this integration:

class RTGraphQLView(GraphQLView):

def parse_body(self, request):
    if type(request) is rest_framework.request.Request:
        return request.data
    return super().parse_body(request)

Graphene was expecting the .body attr but DRF reads it and attaches it to .data before being passed to GraphQLView.