So the auth APIs that are exposed via the node SDK will continue to be REST. So you will only need to figure out session management with graphql. I'd be happy to get on a call to help you figure this out