I see a few mentions of "auth" in the golden path (https://github.com/search?q=repo%3Agraphql%2Fgolden-path%20auth&type=code) but no guidelines yet on how best to implement auth.
Is this something you think the golden path should cover? Or is this scope creep (since it implies setting guidance on the rest of your architecture too)?
We already have a page on this here: https://graphql.org/learn/authorization/
Which suggests 2 options:
- put auth in a logic layer
- use an @auth (or similar) directive
fwiw, imo: (1) > (2), but (2) is more popular[citation needed] because not many OSS ORM libraries have this built-in, in the same way that ent does.
Maybe the golden path can suggest that either of these is acceptable, with a preference for (1) if available.
wdyt?
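
Option (1) from the list above, sketched as an added example that is not part of the original post or of the graphql.org page: the read rule lives once in a logic layer, and two different resolver entry points reach the same data through it. The schema shape, `postService`, `visibleTitles` and the sample posts are hypothetical and constructed for illustration; resolvers are plain functions here, so no GraphQL library is needed to run it.

```javascript
// Constructed sample data: one published post and one draft, both by user "u1".
const POSTS = [
  { id: "p1", authorId: "u1", title: "Hello", published: true },
  { id: "p2", authorId: "u1", title: "Secret draft", published: false },
];

// Logic layer (hypothetical name): the only place that decides who may read a post.
const postService = {
  canRead(viewer, post) {
    if (post.published) return true;
    return Boolean(viewer) &&
      (viewer.id === post.authorId || viewer.roles.includes("admin"));
  },
  getById(viewer, id) {
    const post = POSTS.find((p) => p.id === id);
    // Same null for "missing" and "forbidden", so callers cannot probe for drafts.
    return post && this.canRead(viewer, post) ? post : null;
  },
  listByAuthor(viewer, authorId) {
    return POSTS.filter((p) => p.authorId === authorId && this.canRead(viewer, p));
  },
};

// Resolvers stay thin: they hand over the viewer from context and never
// re-implement the rule, so a new field cannot forget the check.
const resolvers = {
  Query: {
    post: (_parent, args, context) => postService.getById(context.viewer, args.id),
  },
  User: {
    posts: (user, _args, context) => postService.listByAuthor(context.viewer, user.id),
  },
};

// Demo helper: fetch the draft directly and via the nested User.posts path.
function visibleTitles(viewer) {
  const context = { viewer };
  const direct = resolvers.Query.post(null, { id: "p2" }, context);
  const nested = resolvers.User.posts({ id: "u1" }, {}, context);
  return { direct: direct ? direct.title : null, nested: nested.map((p) => p.title) };
}

console.log(visibleTitles({ id: "u1", roles: [] })); // the author
console.log(visibleTitles({ id: "u2", roles: [] })); // another user
console.log(visibleTitles(null));                    // anonymous
```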