So far I've always had one big painpoint with GraphQL.
I'm very well aware that you can specify headerEditorEnabled when you setup express-graphql like this:
graphiql: { headerEditorEnabled: true, },
However, that doesn't really help if you've protected the /graphql route to begin with.
As far as I'm aware, you'll need to validate the access token before you define the context, to be able to put the user (if successful) inside the context so it is easily available in the resolvers.
I only found 1 resource adressing this issue: https://medium.com/codelit/accessing-graphiql-over-a-jwt-protected-route-in-expressjs-b2f4de6c7dd8 and I don't particularly like the solution of installing the modheader chrome extension, as it will messup other websites if you forget to enable it. Also it seems like a hacky workaround.
So I'm curious what other alternatives there might be to get graphiql working in such a scenario. So far I'm just using postman, which is equally as good for specifying the query, however it does lack the ability to browse through the schema, so getting graphiql to work would be best, if possible :-)
