Hey everybody. Had a lot of help in the past on the prisma slack so I’m trying my luck again. I have this application that has toys. Each of the toys has a field, published, that has a boolean value. So we have a query for getting a toy. Like you can assume the toys with published true can be accused publicly without having a JWT token. The situation at the moment is the following: I have a JWT middleware that checks a token and return 401 when the token is not valid. I can remove this middleware but then I have to check if the token is valid within each resolver except when a toy is published. The express middleware is route based and graphQL is query based ( I think this is an important point) So my question is: What is the best way to solve this?

Hi @michieldewilde, https://github.com/maticzav/graphql-shield could be exactly what you need. 🙂

Hi @michieldewilde, you may want to check my example repo where I tackle allowing both authenticated and unauthenticated queries. https://github.com/LawJolla/prisma-auth0-example The short of it is you attach the token to the request if it's there and if valid. If it's not there, it passes the middleware without anything being attached to the request.

Thank you for the suggestions. Have been able to dodge directives and graphql-shield for the moment. It would adres some extra work that I don't have time for at the moment. I will keep your two solutions in mind.