I believe there is currently no support for auth rules on custom queries/mutations. But when there is such I would believe the format to be similar to:
type Query {
myCustomQuery: [CustomRemoteType] @auth(query: ...) @custom(...)
}
type Mutation {
myCustomMutation: [CustomRemotePayload] @auth() @custom(...)
}
I am not sure how the custom mutation auth directive rules will look but unless the directive schema is updated it would have to be one of: query, add, update, delete.
I think there is somewhat support for auth in custom queries but not like the above. Instead if you return a regular type it uses the rules of that type not any rules of the custom query… i remember seeing it in a PR/release notes but haven’t used it