auth
Used to require authentication and to enforce organization-level authorization. This directive, with default parameters, is applied by default to all queries and mutations. Parameter values can be overridden by setting it explicitly on a field. The @noAuth directive can be explicitly used on fields that do not require authentication. Examples: Allow org-less tokens to access objects of type TemporalDataObject based on the id parameter. @auth(allowOrgless: true, objectAuthType: TemporalDataObject) Allow org-less tokens to use the field with no object restrictions. The @scopes directive might still apply. @auth(allowOrgless: true, skipObjectAuthorization: true) Allow org-less tokens to use the field if the ID referenced in parentId is in the allowed set of TemporalDataObjects. Useful for something like createAsset. @auth(allowOrgless: true, objectAuthType: TemporalDataObject, objectAuthIdParam: parentId)
link GraphQL Schema definition
1 directive @auth( : Boolean, : Boolean, : AuthObjectType, : String) on QUERY | MUTATION | FIELD | FIELD_DEFINITION