Ask HN: What is the current best-practice for authentication for Apollo/GraphQL? - mrccc
======
benawad
1\. Create a login mutation which creates a session and sends back a cookie.

2\. Use resolver middleware to check whether the user is authenticated.

I like to use express-session
([https://github.com/expressjs/session](https://github.com/expressjs/session))
for part 1 and graphql-middleware ([https://github.com/prisma/graphql-
middleware](https://github.com/prisma/graphql-middleware)) for part 2.

