Hi, thanks for the question. Yes we are adding the kinds of access control that you are talking about. We are also adding this GraphQL Custom Logic that does allow you to call external http to resolve fields.
So you will be able to mix custom logic and auth together. I wonder if that mixture will be enough for your needs? It would be great to talk to you more about your use case and see if we are working towards will work for you. Or if maybe we’d need something like @custom auth so as well as custom field resolvers, you could provide some sort of custom auth handler?