I have a brand new Absinthe powered API in the works.
Just wondering about people’s approach to authentication.
I am happy with the authorization part, following the Absinthe tutorial -> a Phoenix.Token being passed in a header and then verified (JWT is prob overkill for me).
I reckon I have to break out initial authentication from the GraphQL pipeline which includes the header check - and put authentication into its own pipeline.
This makes sense to me, but I would like if anyone else wants to share their experience or best practices.