Handling Auth in GraphQL (the right way)
I started on my first production app using GraphQL a couple of months back. I've just now been getting into the tougher parts of the app. Querying, mutating, and subscribing to things is awesome and trivial. Batching queries and a good way to log in and out of these sorts of apps are not. I say this because the only documentation you can find for query batching (more on that in another post) and how to handle auth is not ideal.
Existing solutions
There are only two ways that I have seen repeated over and over by every blog post I can find.
Lock down your GraphQL endpoint
Make a regular POST request to a RESTful login route. Now pass that token on each request and you can access your GraphQL endpoint. Awesome, right? No, not at all, really. How can anyone say this is the future if a recommended approach is to use something else for the actual login? I want to use my GraphQL endpoint for everything!
Check for the user in every resolver
This is an approach close to my own, but mine is a bit more au…