- Meet with the authorization service team
- Explore bulk authorization possibilities
- Handle authentication at the server level - user is/is not authenticated to make a request
- Define Apollo server context, which will output the auth context once per request
- Confirm auth model works consistently for local resolvers, distributed resolvers, and Apollo federation
- Confirm parent lineage with multiple levels (parent - grandparent - great-grandparent)
- Validate that the supplied auth context has expected structure
- Validate that the auth context is constructed once per request before any resolvers are invoked
- Handle authorization errors at the resolver level
- Validate use case where user is authorized to access some of the data they requested
- Validate use case where user is unauthorized to access the data they requested
- Validate use case where user is authorized to access all data they requested
- Validate that the auth context is supplied to resolvers
- At a high level, understand options for enforcing network security
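
The auth-context and resolver-level items above can be exercised with a sketch like the following. It is an added example, not code from this project or from Apollo: a dependency-free, synchronous stand-in for one request cycle. The names `buildAuthContext`, `requirePermission`, `executeRequest`, the permission strings, and the `req.user` shape are all assumptions.

```javascript
// Added example: stand-in for one Apollo Server request cycle (no libraries).
// All function names, permission strings and the req.user shape are hypothetical.

let contextBuilds = 0; // counts how often the auth context is constructed

// Server level: reject unauthenticated requests, then build and validate
// the auth context exactly once for the request.
function buildAuthContext(req) {
  contextBuilds += 1;
  const user = req.user; // assumed to be set by upstream authentication
  if (!user) throw new Error('UNAUTHENTICATED');
  if (typeof user.id !== 'string' || !Array.isArray(user.permissions)) {
    throw new Error('INVALID_AUTH_CONTEXT'); // unexpected structure
  }
  // Frozen so that no resolver can widen its own permissions.
  const auth = Object.freeze({
    userId: user.id,
    permissions: Object.freeze([...user.permissions]),
  });
  return Object.freeze({ auth });
}

// Resolver level: throw a coded error when the permission is missing.
function requirePermission(context, permission) {
  if (!context.auth.permissions.includes(permission)) {
    const err = new Error(`Not authorized: ${permission}`);
    err.code = 'FORBIDDEN';
    throw err;
  }
}

const resolvers = {
  name: (ctx) => { requirePermission(ctx, 'profile:read'); return 'Ada'; },
  salary: (ctx) => { requirePermission(ctx, 'salary:read'); return 100000; },
};

// Mimics GraphQL semantics for nullable fields: a failed field becomes null
// and its error is collected, so authorized fields are still returned.
function executeRequest(req, fields) {
  const context = buildAuthContext(req); // once, before any resolver runs
  const data = {};
  const errors = [];
  for (const field of fields) {
    try {
      data[field] = resolvers[field](context);
    } catch (err) {
      data[field] = null;
      errors.push({ path: [field], code: err.code || 'INTERNAL', message: err.message });
    }
  }
  return { data, errors };
}
```

Calling `executeRequest` with a user holding only `profile:read` covers the partially authorized case: `name` resolves, `salary` is `null`, and one `FORBIDDEN` error is reported alongside the data.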