I am working on a project which use graphql and django-graphql.
Currently in api endpoint I create a token with superuser but want to do without superuser.
for example I generate a token and send that token to user so he can keep and login with that token instead of providing superusername and password.
is it possible
Side note: Using a token is still “Authentication”. The term “Authentication” covers all options allowing a user to identify themselves as being authorized to access your site. The concept of “Authentication” is not limited to the process of using a “username” / “password” combination.
If you’re using the Django Rest Framework (DRF), then it supports this natively.
If you’re not using DRF, then you may need to either implement your own authentication backend, or perhaps find a suitable package on djangopackages.org that you can build from.
I mean generated token can we used in header the current scenario but they will access admin panel easily so how to protect the admin panel
You’re going to need to provide more details about what it is you’re trying to achieve here.
In graphql api a token is generated with the help of superuser and password,
client need credential to create a token incase I give credential then they can easily login to admin dashboard.
There’s no internal requirement that a token must be created with a superuser. If untrusted users need to create tokens, then set up a limited-functionality account for that purpose.
In all situations, only very trusted staff should be given access to a superuser account.