Security Consideration

I have the following security concerns.
What if I would like to provide different ways of authentication? For example, I would like to secure public clients with a JWT token, but some parts of the API, for instance mutators, I would like to access by Bearer clients, backend clients.

Is there a way to secure requests with clientId and secure token without a need to use another service?

How to prevent some queries? If I have a social app, I don't want to allow users to traverse the whole database. If we have a Facebook-like app, I don't want to let people traverse the whole userbase by querying friends. Can I limit the depth of a query?

Speaking of your example with a one-to-many relation, for instance User <-> Post, where a post can have an author field: how to ensure security so that a user can add a post with author set to his user id and not somebody else's user id?

Can I, for instance, pass a claim to a mutation?

And what is the status of file support?
Can I connect to blob storage and store files in blob storage with lambda functions?

The idea behind this project is interesting, but for now I see it is limited only to projects where security is not taken into account, for example some internal analytical projects.

I advise you to use databases with a server layer like Cloudflare Workers or Cloud Run in front of them.

Client <-> Cloud Run <-> Dgraph

Dgraph is THE database. You can build Facebook, Twitter, whatever you want. Dgraph is extremely powerful.

Since you will want to use DQL for advanced queries and recommendation calculations, you would want to forget that GraphQL auth layer anyway.
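
The Client <-> Cloud Run <-> Dgraph layout suggested in the reply above, sketched as an added example that is not part of the thread or of Dgraph's own code: a gateway caps query depth on reads and sets the post author from an already verified token on writes. The function names, `MAX_DEPTH`, and the Post/User schema with its generated `addPost` mutation are assumptions.

```javascript
// Added example; all names and the Post/User schema are assumptions.
const MAX_DEPTH = 4; // assumed policy limit on selection-set nesting

// Depth of nested selection sets. Braces inside strings, comments and
// (argument lists) are ignored. Fragment spreads are not expanded, so a
// production gateway should use a real GraphQL parser instead.
function queryDepth(query) {
  let depth = 0, max = 0, parens = 0, inString = false;
  for (let i = 0; i < query.length; i++) {
    const c = query[i];
    if (inString) {
      if (c === "\\") i++;                 // skip the escaped character
      else if (c === '"') inString = false;
    } else if (c === '"') inString = true;
    else if (c === "#") {                  // comment runs to end of line
      while (i < query.length && query[i] !== "\n") i++;
    } else if (c === "(") parens++;
    else if (c === ")") parens--;
    else if (parens === 0 && c === "{") max = Math.max(max, ++depth);
    else if (parens === 0 && c === "}") depth--;
  }
  return max;
}

// Read path: forward a client query only if it is shallow enough.
function checkQuery(body) {
  const depth = queryDepth(String(body.query || ""));
  return depth <= MAX_DEPTH
    ? { ok: true }
    : { ok: false, status: 400, reason: `depth ${depth} exceeds ${MAX_DEPTH}` };
}

// Write path: the gateway builds the mutation itself. `claims` is the payload
// of a token the gateway has already verified; the author always comes from
// claims.sub, and any author the client sent is dropped.
function buildAddPost(claims, input) {
  if (!claims || typeof claims.sub !== "string") throw new Error("unauthenticated");
  return {
    query: "mutation ($post: AddPostInput!) { addPost(input: [$post]) { post { id } } }",
    variables: { post: { title: String(input.title), author: { id: claims.sub } } },
  };
}
```

With this split, the client never submits mutation text, so an `author` value it supplies cannot reach Dgraph.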