Hi everyone, I searched and could not see anything. I'm wondering what strategies are used to secure a spring application? I currently use auth0 for my user management and have setup JWT authentication to secure my application. I would like to use my tokens permission and user data to perform additional checks and filters on my results, but I can't get past the Anonymous authentication which scrubs all that info by the time I get to my queries.

looks like you should be able to implement a GraphQLContextFactory that reads the JWT token and generates a GraphQLContext implementation that can be read by your query methods.

Thanks, I’ll take a look.