graphql-auth | GraphQL authentication and authorization middleware | GraphQL library

In my Django application I have created customer user model which uses email as username.

I'm making a web app with Django 3.2 (Python 9) as backend and ReactJs 17 as frontend with a Graphene(GraphQL) API in between. ReactJs uses Apollo Client Provider 3.4 to perform the API queries and mutations.

I'm using the django-graphql-auth package to authenticate my users and I store the user's authentications token in the browser's localStorage that I then put in the headers of the Apollo Provider.

Everything works well until there.

Now, the problem is that the user should be able to download files by clicking on a link in the frontend. This link will redirect to a backend Django view where a file is put in a HttpResponse. The user will be prompt to accept downloading the file.

However, the file is generated based on the user whom request it (on the user's Group to be more precise). So in my Django view, I use the request.user.groups variable to generate the file that will be downloadable.

Here is the problem: on the backend side, the user is still anonymous while authenticated in the frontend.

How can I authenticate the user in the backend when (s)he logs in in the frontend ? Can I simply pass the request.user value from React to Django's download view? If yes, how is it possible ?

Thanks in advance for your help.

Context
In my Django project (based on Django cookiecutter) I use django-graphql-auth which depends on django-graphql-jwt.
I forked django-graphql-jwt to make some changes so then also forked django-graphql-auth to update its dependency to my django-graphql-jwt fork:

I've built a Django API that uses django-graphql-auth and django-graphql-jwt packages to implement authentication. I followed the package's documentation and got everything to work and everything is working from my Angular UI. The only issue is that even requests made from Postman without the Authorization header, are able to fetch the data from the graphql API.

This is my Django project's settings.py

TLDR - But by default the JWT token sent from the backend only includes the username. I want the userId as well.This is what it contains currently:-

I created a question-answer platform (similar to stackoverflow) based on the GRANDstack using authorization using the repo graphql-auth-directives. This allows us to check on authentication, authorization on role level or scope level.

In this platform a user can answer a question and might save the answer as draft. As long as the answer is not posted it should be seen by the user itself but by no one else. Other users however should see all the other finalised answers.

How can I create this type of user level authorization? It should result provide the following:

Suppose a question Q with id someid. Which currently has finalised answers A1 and A2. If some random user U1 performs the query:

I have this schema.graphql

I am trying to build an API for a transportation system which has different kind of users (Driver, Customer, SystemAdmin and Authorizer). For this purpose I created an AbstractUser and use inheritance relationship for the all of the above different users. For adding JWT to the model, I have read the official tutorial, but whenever I want to create a new user like the following I faced to the error:

I am new to React Native and Apollo GraphQL, trying to insert props values to the following to code run the GraphQL query.