Hi all -
I’m working on security my application. I’m using Auth0 for authentication. I was following this post:
All works fine, but I’m not trying to set authorization on a query. I ultimately need to do the following:
- Certain queries/mutations should ONLY be done if you have been authenticated.
- Certain queries can be done without authentication.
For example. This is, for the most part, a secure applicaiton. There is PII behind the app that can’t be exposed the unregistered public. However, there are things in the graph that can be offered up without authentication. Like blog posts that have a property as “public”. These public things will drive marketing type things that are befofre a user/company registers. I’ll probably need to secure certain queries, too, but I’ve already figured out how to do that.
So, what’s the process setting more “on or off” type authorization based on “is authenticated” or not.