Authentication and Authorization in GraphQL (and how GraphQL-Modules can help)
Dotan Simha

Thanks for the article! Quick question…

I’m not sure there’s much daylight between authentication implementation #1 and your preferred implementation. Specifically, an Express middleware layer that passes a request without Authorization, but validates an Authorization header token and, if valid, attaches a user object onto the request object, then the request object becomes part of the context. If invalid, return 401.

Can you help me understand the practical difference? Thanks!
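
The middleware behaviour described in the comment above, written out as an added example (not code from the article or from GraphQL-Modules). The session store, the token value and the names `optionalAuth`, `buildContext` and `simulate` are constructed for illustration, and the fake `req`/`res` objects stand in for Express so the block runs without it:

```javascript
// Constructed session store: opaque bearer token -> user (sample data).
const SESSIONS = new Map([
  ["tok-alice-constructed", { id: "u1", name: "alice", roles: ["admin"] }],
]);

// Express-style middleware with the (req, res, next) signature.
function optionalAuth(sessions) {
  return function (req, res, next) {
    const header = req.headers["authorization"];
    // No Authorization header: pass the request through as anonymous.
    if (header === undefined) {
      req.user = null;
      return next();
    }
    // Header present: it must be a well-formed Bearer token that we recognise.
    const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header);
    const user = match ? sessions.get(match[1]) : undefined;
    if (!user) {
      // Present but malformed or unknown: reject before GraphQL ever runs.
      res.statusCode = 401;
      res.setHeader("WWW-Authenticate", "Bearer");
      return res.end("invalid token");
    }
    req.user = user;
    return next();
  };
}

// The user attached to the request becomes part of the GraphQL context.
// Whether a given field may be read is still decided later, per resolver.
function buildContext(req) {
  return { user: req.user };
}

// Drives the middleware with a fake req/res pair and reports the outcome.
function simulate(headers) {
  const req = { headers };
  const res = {
    statusCode: 200, headers: {}, body: null,
    setHeader(k, v) { this.headers[k] = v; },
    end(b) { this.body = b; },
  };
  let context = null;
  optionalAuth(SESSIONS)(req, res, () => { context = buildContext(req); });
  return { status: res.statusCode, context };
}
```

An anonymous request and an authenticated one both reach the GraphQL layer, differing only in `context.user`, so this middleware covers authentication only; authorization still has to be enforced where the context is consumed.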