Exposing `/graphiql` but requiring an API token for actual queries

I’m setting up a GraphQL API on an internal application. I have an existing pipeline which requires a valid API token for all requests, and I want GraphQL requests to go through that.

However, I’d like to make /graphiql available for users to explore the API (if they have a valid token).
(Tell me if that’s a bad idea.)

The solution I have at the moment is to provide a BogusSchema to Absinthe.Plug.GraphiQL:

# Actual GraphQL requests come here and require a token
scope "/" do
  pipe_through [:api_token_auth, :set_graphql_context]

  forward "/graphql", Absinthe.Plug, schema: MyAppWeb.GraphQL.Schema

scope "/" do
  # no token is needed to load this page, but to run queries, you have to add a
  # token header in the interface
  forward "/graphiql", Absinthe.Plug.GraphiQL,
    # BogusSchema is a valid but empty schema
    schema: MyAppWeb.GraphQL.BogusSchema,
    # advanced interface allows setting a valid token header
    interface: :advanced,
    # actual queries will be sent here
    default_url: "/graphql"

I defined BogusSchema as:

defmodule MyAppWeb.GraphQL.BogusSchema do
  use Absinthe.Schema
  query do
    # nothing

This works but is a hack.
Is there a better solution I’m missing?