Discussion: strategies that can be employed to protect a Graphcool API? 1) How to securely allow the

createUser

mutation only in your own applications? 2) Securely storing JWTs on the client side (both on a mobile device and the web) 3) Invalidating user tokens if necessary?