Yes, you can.
Although, there is no way to combine @auth and @custom on a single field at present. But, as @amaster507 said you can always let your external @custom API handle that logic by forwarding the JWT. The external API can decide based on the JWT what response it should return. And your external API can also just be Dgraph’s GraphQL API where you can have @auth as pointed by @amaster507 
Refer forwardHeaders in the docs here.