I want to use Graphcool, but the Auth0 integration just isn't ready: - The built-in provider only supports hs256 (no rs256). But hs256 doesn't meet my security requirements. - Even if I wanted to use hs256, auth0.js v8 doesn't support it. auth0.js v7 does, but it is not longer being maintained--a deal-breaker for security-critical software. - Even if I were willing to use auth0.js v7, I'm using the auth0 hosted login page (https://auth0.com/docs/hosted-pages/login), so token generation is out of my hands. - Graphcool resolvers provide an extension point for custom auth providers. But I don't want to implement my own provider (again, I want to rely on a tried-and-tested solution for security-critical), and even your own example (https://github.com/graphcool/templates/tree/master/authentication/auth0-authentication) was not production ready and did not validate tokens last time I checked. I will try Graphcool again when you have an auth0 solution that: - Supports rs256 - Supports the most recent version of auth0.js - Does not require me to implement my own auth provider logic through Graphcool resolvers or similar.

@mpiroc First of all, HS256 is still supported for all Auth0 authentication methods except for database. Even with auth0.js v8. Resolver functions support everything you need, and the example you refer to supports RS256 tokens. With resolver functions, you will see an upcoming change to the templates/modules library with Graphcool-curated templates, and community ones. The ones that are Graphcool curated will be properly tested, and are production ready. Afaik, there are no plans other than the Graphcool-curated resolver functions to extend the built-in integrations.

Thanks @agartha, I must have been looking at a different example (with a README that said it didn't validate tokens) last week. I'll try out this example and get back to you if I have a problem.