I’ve just started a series of articles on Medium which will show you how you can secure your Dgraph Endpoint with Auth0, by building an example application.
This project came together since Dgraph does not offer field protection and thus sometimes it can be tricky to secure certain nodes which are set to public in your Dgraph admin interface. I have mentioned here that maybe it would be a good idea that @auth rules will get overridden by adding the Admin API Key to the header. This way, we could query/mutate the protected node from our frontend application (if you use JWT protection with e.g. Auth0) and, at the same time, have an e.g. lambda have access to the data too.
However, the first part is how to set up Dgraph, which is available here.
If you want to skip the entire setup process, you can have a look here, where I explain of how I have solved this.
Very open for discussions of what you think!