SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

<@498057949541826571>  

Currently my graphql service is exposed at /graphql endpoioint. To protect this endpoint so that only authenticated users can send request, I am using supertokens verifysession function. Everything is working as expected.

```
App.POST(graphqlPath, graphqlHandler(r.GS), auth.VerifySession(nil))
```


But now I want to allow anonymous users to access the graphql endpoint. I would like to check for user in the resolver function instead:

```
// CreateAccount is the resolver for the createAccount field.
func (r *mutationResolver) CreateAccount(ctx context.Context, input ent.CreateAccountInput) (*ent.Account, error) {
    // TODO:  extract userID from ctx 
```

any suggestions?

hey <@862260736779747379> there is a sessionRequired option that you can pass to verifySession. Check that out.