Facebook does not mention authentication for their GraphQL library.
Suppose I have a users table fetchable from GraphQL and I do not wish to disclose users information to anybody who demands it except the logged in user, at what level should I add the authentication layer ?
At the schema level by mutating a "logged-in" state ?
Or maybe by passing extra parameters to the graphql
function that currently takes only query
and schema
?