Forward to does not allow you to easily add the authorization that you would want. You also have to manually add forwardTo for each resolver. Check out these conversations for the limitations: https://github.com/graphql-binding/graphql-binding/issues/40 and https://github.com/graphql-binding/graphql-binding/issues/37
Right; how about if forwardTo itself became a directive that would invoke the authorization directive then the actual forwardTo function next?
I think you could do that, yes
Big update to GraphQL Tools with some breaking changes! Read it all here.