Support field-level authorization #111
Description
It'd be nice to formally support field-level authorization through the query planner, similar to other federation libraries. A few specs:
- Unauthorized fields are simply filtered out of the request by default.
- A setting opts requests with unauthorized fields into returning immediately with an error.
It looks like @mikeharty has been doing some auth work in his custom executor. Mike – any chance you could elaborate here with more on how the feature could/should work with what you're already doing?