
GraphQL Mesh – Query anything, run anywhere - Urigo
https://medium.com/the-guild/graphql-mesh-query-anything-run-anywhere-433c173863b5
======
hirundo
How is authorization handled? Our GraphQL API authenticates on a JSON web
token in the Authorization header. Can we be part of the mesh? To support that
I suppose a single query might need multiple sets of credentials/tokens.

It seems better to put those in the query itself rather than in request
headers. It's easy enough to modify our API to read the token from the
query/variables rather than a header. GraphQL Mesh could make a standard
schema for that.

~~~
dotansimha
It depends, and might be different across APIs. Because OpenAPI spec allow you
to use different methods of authentication (general query param, per-endpoint
query param or authentication via headers). So if it's per-operation or part
of the endpoint, it will be converted into a graphql argument as part of the
operation. If it's a general authentication method for the whole OpenAPI file,
like with headers, Mesh allow to to configure it as part of your configuration
explicitly, or load it from an environment variables, and if it's a dynamic
token you can do interpolations like `Authorization: {context.authToken}` and
it will take it from the execution context every time.

