We’re having a discussion where we wanted to provide a completely separate federated graph for authenticated clients and a completely separate federated graph for unauthenticated clients.
And if any service under the authenticated graph needs to refer to the type defined on the other graph, we’d duplicate the service and also deploy it under the authenticated graph.
This is so that our gateway can validate JWTs and the private graph would reject any requests that have an invalid JWT or no JWT.
And the other gateway can simply forward the request.
We’d still do permission checks using the directive on each subgraph.
I don’t know if I’m missing something here. Can someone verify if this is a good idea?
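
The admission decisions of the two gateways described above, as an added example that is not part of the original post. It assumes HS256 with a shared secret; all function names and the sample secret are hypothetical, and stripping the `Authorization` header on the public side is this example's choice, not something the post specifies.

```javascript
// Added illustration: admission decisions at the two gateways (all names hypothetical).
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HS256 with a shared secret
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Helper that builds constructed sample tokens for the demo.
function signJwt(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims, or null for anything malformed, wrongly signed or expired.
function verifyJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm instead of trusting the header ("alg: none" is rejected).
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const expected = crypto.createHmac('sha256', SECRET).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null;
  }
}

// Private gateway: a missing or invalid token never reaches a subgraph.
function privateGatewayAdmit(headers) {
  const m = /^Bearer (.+)$/.exec(headers.authorization || '');
  const claims = m && verifyJwt(m[1]);
  if (!claims) return { status: 401, forward: false };
  // Subgraphs still run their own directive-based permission checks on these claims.
  return { status: 200, forward: true, context: { sub: claims.sub } };
}

// Public gateway: forwards without authentication and drops any client-sent
// Authorization header so public subgraphs never see a token nobody validated.
function publicGatewayAdmit(headers) {
  const { authorization, ...rest } = headers;
  return { status: 200, forward: true, headers: rest };
}
```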