Description
After briefly discussing this approach in GraphQL-spec (graphql/graphql-spec#592) I realized that this should instead be added as best-practice and not necessarily be part of the spec. Since the initial RFC, I have also added this information in "graphql-rules", available here: (https://graphql-rules.com/rules/authorization-schema-diffing) {https://github.com/graphql-rules/graphql-rules/pull/13}
As of now graphql.org suggests a single method of authorization; however in practice I have had to implement a different approach to address various concerns which I have discussed in the links mentioned before.
The Schema diffing approach can be likened to an API Gateway implementation of authorization and has it's benefits; as such I suggest that we include this approach in the knowledge base so that it can be more widely used and discussed.