SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

You can create a middleware that does session verification with the `sessionRequired: false` (See https://supertokens.io/docs/thirdpartyemailpassword/common-customizations/sessions/session-verification#optional-session-verification)

This would be applied to all requests from your apollo client. Then in you graphql server, maybe you could somehow check if `req.session !== undefined`?