I am implementing a web application that uses a back-end implemented in Django with the API written in graphene GQL.
I need to provide login / logout functionality. These should be (ideally) implemented as mutations.
The login mutation should be able to operate without an authentication token (of course, since the user is not yet logged in).
I do not want to disable csrf checks for the whole api (via csrf_exempt on the graphene view).
Is there a way to disable csrf checks only for one mutation (login in my case)?
There is a Django app that can help you do that. Check this https://github.com/morgante/django-graph-auth
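An added example, not taken from the question, the answer or django-graph-auth: the per-request decision a view would need before skipping the CSRF check for the login mutation only, failing closed on aliases, extra fields, extra operations and batched requests. The function names, the `login` field name and the `deleteUser` field are assumptions, and a small standard-library tokenizer stands in for graphene's own parser so the block runs without Django.

```python
import json
import re
# GraphQL tokens: block strings, strings, spreads, names, numbers, punctuators.
_TOKEN = re.compile(
    r'"""(?:\\"""|(?!""")[\s\S])*"""|"(?:\\.|[^"\\\n])*"|\.\.\.'
    r'|[_A-Za-z][_0-9A-Za-z]*|-?\d[\d.eE+-]*|[!$&()\[\]{}:=@|]')
_IGNORED = re.compile(r'(?:[\s,]|#[^\n]*)+')  # whitespace, commas, comments

def tokenize(query):
    """Return the token list, or None if any character cannot be lexed."""
    tokens, pos = [], 0
    while pos < len(query):
        m = _IGNORED.match(query, pos) or _TOKEN.match(query, pos)
        if m is None:
            return None
        if m.re is _TOKEN:
            tokens.append(m.group())
        pos = m.end()
    return tokens

def _skip(t, i, opener, closer):
    """If t[i] opens a group, return the index after its closer (past the end if unbalanced)."""
    if t[i:i + 1] != [opener]:
        return i
    depth = 0
    for j in range(i, len(t)):
        depth += (t[j] == opener) - (t[j] == closer)
        if depth == 0:
            return j + 1
    return len(t) + 1

def is_only_allowed_mutation(body, allowed=frozenset({"login"})):
    """True only for one mutation operation with one unaliased top-level field in `allowed`."""
    try:
        payload = json.loads(body)
    except ValueError:
        return False
    query = payload.get("query") if isinstance(payload, dict) else None  # batches: never exempt
    t = tokenize(query) if isinstance(query, str) else None
    if not t or t[0] != "mutation":
        return False
    i = 2 if len(t) > 1 and re.match(r"[_A-Za-z]", t[1]) else 1  # optional operation name
    i = _skip(t, i, "(", ")")  # optional variable definitions
    if t[i:i + 1] != ["{"] or t[i + 1:i + 2] == [] or t[i + 1] not in allowed:
        return False
    i = _skip(t, _skip(t, i + 2, "(", ")"), "{", "}")  # arguments, then sub-selection
    return t[i:] == ["}"]  # an alias colon, directive, second field or operation fails here

# Constructed sample: the alias makes a hypothetical deleteUser mutation look like "login".
ALIASED = json.dumps({"query": "mutation { login: deleteUser(id: 1) { ok } }"})
```

The CSRF check would be skipped only when this returns True and enforced for every other request, including any request the tokenizer cannot fully read.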