A modern programming language that makes developers happier.

kotlinlang

Hey all! Say I have a `graphql` route in my ktor app. I want that route to be authenticated, but I don't want there to be any authentication on `Introspection` queries. Is that possible?

Do you mean to disable authentication if some specific query parameters are present?

No as in the introspection query for a graphql server should return all the types without requiring any authentication, but the actual real queries should be authenticated.

Could you please explain it in terms of HTTP?

Well, the introspection query is a special query that all graphql servers respond to with all the capabilities that the server implements. Think of it as an endpoint that returns a sort of response that creates your API documentation clientside. This should be open to all without any authentication.  Regular queries should be different, and behind authentication.

See: <https://graphql.org/learn/introspection/>

i think the best you can do is.. check for auth headers after you know if it is a introspection query or not.. but thats not something ktor builtin functionality can do

Yeah, that's what I gathered. Just use `authenticate(optional = true) { ... }`