Question: How to add individual auth rules to custom queries/mutations?

The docs state:

  1. You can add custom queries to the Query type
type Query {
    myCustomQuery(...): QueryResultType @custom(...)
}

So presumably if I want to add an auth rule to that custom query I do the following:

type Query @auth(
  query: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomQuery(...): QueryResultType @custom(...)
}

…and if it were a mutation:

type Mutation @auth(
  add: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
  update: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
  delete: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomMutation(...): MutationResult @custom(...)
}

…??

Or would it actually be:

type Query @auth(
  myCustomQuery: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomQuery(...): QueryResultType @custom(...)
}
type Mutation @auth(
  myCustomMutation: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomMutation(...): MutationResult @custom(...)
}

…?

Now what about if I have multiple custom queries/mutations that I want different auth rules for? Would I do it like this?:

type Query @auth(
  query: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
){
    myCustomQuery(...): QueryResultType @custom(...)
}

type Query @auth(
  query: { rule: "{ $ROLE: { eq: \"SUPERADMIN\" } }" }
){
    mySecondCustomQuery(...): QueryResultType @custom(...)
}

Or like this?:

type Query @auth(
  myCustomQuery: { rule: "{ $ROLE: { eq: \"ADMIN\" } }" }
  mySecondCustomQuery: { rule: "{ $ROLE: { eq: \"SUPERADMIN\" } }" }
){
    myCustomQuery(...): QueryResultType @custom(...)
    mySecondCustomQuery(...): QueryResultType @custom(...)
}

I believe there is currently no support for auth rules on custom queries/mutations. But when there is such I would believe the format to be similar to:

type Query {
  myCustomQuery: [CustomRemoteType] @auth(query: ...) @custom(...)
}

type Mutation {
  myCustomMutation: [CustomRemotePayload] @auth() @custom(...)
}

I am not sure how the custom mutation auth directive rules will look but unless the directive schema is updated it would have to be one of: query, add, update, delete.

I think there is somewhat support for auth in custom queries but not like the above. Instead if you return a regular type it uses the rules of that type not any rules of the custom query… i remember seeing it in a PR/release notes but haven’t used it