by pas
2895 days ago
Do you mean HTTP as the lower layer? I can see authentication (or better said session persistence) handled by an HTTP header, but I don't really see how HTTP by default provides options for what mutations and queries the client should be able to issue. There's no ACL descriptor for GraphQL. And even the choice of HTTP header for Authentication is debated enough that I think it should have been bolted down in the GQL specs.