
Authorization in GraphQL

Blog post from Apollo

Post Details
Company
Date Published
Author: Jake Dawkins
Word Count: 2,118
Language: English
Hacker News Points: -
Summary

The article discusses the importance of authorization in GraphQL APIs, which is often misunderstood as being unrelated to authentication. It explains that authentication determines whether a user is logged in, while authorization decides what permissions that user has. It provides an example of setting up authorization for a schema using Apollo Server 2.0, which includes generating a context object with the user's information and implementing basic whole-schema authorization. The article also covers authorization in resolvers, in data models, and outside of GraphQL, with practical tips for securing fields in a GraphQL API.