Hi Jonas. Great post! I’m working on a spring boot app, and managed to configure security and session management with spring security. Now the “/graphql” endpoint is secured (it can be accessed only sending the “basic http authentication” or the session token in a http header of the request). Authenticating with “basic http authentication” will send back the session token, so that token can be used further, to continue that session.
My issue is that now I’d like to give access to anonymous (not authenticated) users to some graphql queries/mutations like “registration”.
Now I’m thinking to create a special user with his own credentials to play the role of anonymous, but this seams as a work around.
Do you have this issue when you handle the authentication in the web server? How do you solve anonymous access?