Couple of suggestion/ enhancement which i believe can be beneficial.
- Rename Namespace column to claims as it simply corresponds to that. It is rather confusing.
2.Currently the public key needs to be embedded into Authorization header for dgraph. Many modern services such as Google Firebase provide public urls where multiple pairs are stored along with its kid to find corresponding public key which allows to verify signature of the token. In current shape that is simply not supported. This can either be done via using Firebase SDK or enhancing existing code to lookup claims at runtime/caching.
- API token which are generated when creating a service can also be at bare minimum served as Auth mechanism for simple apps.
- Provide a recommended way for doing Auth queries for hierarchal data. i.e. What would be performance impact if on each type there is @hasInverse relation to user. Also the cost of querying etc. This would allows new users have best practices guide as a simple TODO do not encompasses.