Authentication and Authorization in GraphQL (and how GraphQL-Modules can help)
Dotan Simha

Thanks for the article! Quick question…

I’m not sure there’s much daylight between authentication implementation #1 and your preferred implementation. Specifically, an Express middleware layer that passes a request without Authorization, but validates an Authorization header token and, if valid, attaches a user object onto the request object, then the request object becomes part of the context. If invalid, return 401.

E.g. https://github.com/LawJolla/prisma-auth0-example/blob/master/server/src/index.js

Can you help me understand the practical difference? Thanks!
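
The middleware flow described in the comment above, as an added example that is not part of the original comment, the article, or the linked repository. `signToken` and `verifyToken` are hypothetical HMAC stand-ins for a real JWT library, and the secret, payloads and the `simulate` harness are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: constructed key, not from the page

// Hypothetical stand-in for a JWT library: "<base64 JSON>.<hex HMAC-SHA256>".
function signToken(payload, secret = SECRET) {
  const body = Buffer.from(JSON.stringify(payload)).toString("base64");
  return body + "." + createHmac("sha256", secret).update(body).digest("hex");
}

// Returns the payload, or null when the token is malformed, tampered or expired.
function verifyToken(token, secret = SECRET, now = Date.now()) {
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const expected = createHmac("sha256", secret).update(parts[0]).digest();
  const given = Buffer.from(parts[1], "hex");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try { // parse only after the MAC has been checked
    const payload = JSON.parse(Buffer.from(parts[0], "base64").toString("utf8"));
    return typeof payload.exp === "number" && payload.exp * 1000 > now ? payload : null;
  } catch (err) {
    return null;
  }
}

// Express-style middleware: no header passes through, a bad token is rejected.
function optionalAuth(req, res, next) {
  const header = req.headers.authorization;
  if (header === undefined) return next(); // anonymous request, req.user stays unset
  const match = /^Bearer (\S+)$/.exec(header);
  const user = match ? verifyToken(match[1]) : null;
  if (!user) return res.status(401).json({ error: "invalid token" });
  req.user = user;
  return next();
}

// The request's user becomes part of the GraphQL context (null when anonymous).
const buildContext = (req) => ({ user: req.user || null });

// Drive the middleware with mock req/res objects so the example runs offline.
function simulate(headers) {
  const out = { status: 200, passed: false };
  const req = { headers };
  const res = { status(code) { out.status = code; return res; }, json() { return res; } };
  optionalAuth(req, res, () => { out.passed = true; });
  out.context = out.passed ? buildContext(req) : null;
  return out;
}
```

Because anonymous requests reach the GraphQL layer with `context.user` set to `null`, any resolver that needs a user still has to check the context itself.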