Used to require authentication and to enforce organization-level authorization. This directive, with default parameters, is applied by default to all queries and mutations. Parameter values can be overridden by setting it explicitly on a field. The @noAuth directive can be explicitly used on fields that do not require authentication. Examples: Allow org-less tokens to access objects of type TemporalDataObject based on the id parameter. @auth(allowOrgless: true, objectAuthType: TemporalDataObject) Allow org-less tokens to use the field with no object restrictions. The @scopes directive might still apply. @auth(allowOrgless: true, skipObjectAuthorization: true) Allow org-less tokens to use the field if the ID referenced in parentId is in the allowed set of TemporalDataObjects. Useful for something like createAsset. @auth(allowOrgless: true, objectAuthType: TemporalDataObject, objectAuthIdParam: parentId)

link GraphQL Schema definition

1directive @auth(allowOrgless: Boolean, skipObjectAuthorization: Boolean, objectAuthType: AuthObjectType, objectAuthIdParam: String) on QUERY | MUTATION | FIELD | FIELD_DEFINITION

link Required by

This element is not required by anyone