[vanwalj]

Nice tutorial, just not found of the authorization part, which "encourage" you to rely on http headers. Imho http headers are fine for a REST API, since the protocol depend on HTTP, but not for a GraphQL API since you can perfectly serve GraphQL behind something else, like Websocket, nats, or even direct TCP

[tpucci]

Thank you for your comment. You are right and I admit I didn't come with another solution at this time. This is why I did not write a huge part about authorizations.