Is there a supported way to distinguish between authenticated and unauthenticated operations?

[nobody-nn]

Question

Hi Apollo iOS team 👋

In our project, we're trying to distinguish between authenticated and unauthenticated GraphQL operations, so that our ApolloInterceptor only adds authentication headers for the relevant requests.

Currently, we're going to use a custom script to scan the generated operations and maintain a list of unauthenticated operations, but we were wondering:

1. Does Apollo iOS support any built-in way or pattern to mark or identify unauthenticated operations?
2. If not, would it make sense to use a custom directive or metadata in the schema that the codegen could potentially expose?

Would appreciate any guidance or best practices around this.

Thanks!

[calvincestari]

Hi @nobody-nn - unfortunately there is no way in Apollo iOS to do this at the moment.

A new custom directive could work here but this isn't something our team would be able to get to any time soon. I'm also unsure whether we'd merge this into the library to be honest, it seems a very workflows specific pattern.

What are you gaining by not sending the auth headers with every request?

[nobody-nn]

Hi @calvincestari ,

Thanks for your reply.

The problem with that is if we send authorization headers on one that doesn’t need auth, it gets its own cache. So we don’t benefit from the public cache on public requests.

[calvincestari]

I'm going to close this question. If you need help with the custom directive then comment in this issue again and we'll assist where we can.

[github-actions]

Do you have any feedback for the maintainers? Please tell us by taking a one-minute survey. Your responses will help us understand Apollo iOS usage and allow us to serve you better.