In a custom lambda, you can access the authHeader directly, although I think they eventually plan to support @auth fields:
And you can repass the header to another graphql request like so:
J