Would you mind expanding on this a bit? It seems HGE makes a call to a webhook for every GraphQL query/mutation [1]? This sounds rather expensive to me. Thanks!
We're adding support for JWT soon too which should prevent this overhead for applications that support JWT. But basically the idea here is to be equivalent to session cache hit.
Another deployment pattern is to make everything go through an API gateway which would usually do the auth resolution for all microservices, and thus can set the dynamic variables required for access control for HGE directly too. In this case, auth-webhook is disabled.
Another deployment pattern is to make everything go through an API gateway which would usually do the auth resolution for all microservices, and thus can set the dynamic variables required for access control for HGE directly too. In this case, auth-webhook is disabled.