Best way to check user id before allowing the user to edit a node

I'm using JWTs for user auth in my app and I have them accessible in the resolvers via the context object, but I'm not quite sure of the best way to use them in a granular way. I'd like to check that a user's req.userId matches the authorId that exists in a Comment node in the database before I allow the user's edit to be saved to the db.

I was using @cypher mutations in the typeDefs file to create / edit things like Comments and other nodes, but I don't know how to match something like req.userId in a cypher mutation now that I'm implementing authorization. Now I'm attempting to use session.writeTransaction in custom resolvers but it looks like a pretty convoluted way of doing things so far.

Any suggestions or examples would be very appreciated, thank you 🙂

I don’t know if you’ve seen this, but it’s a very good breakdown of auth in the GRANDstack: "GraphQL Authorization With Auth0 | Building A Real Estate Search App w/ GRANDstack: Part 8" (YouTube)

There will be more to come in that series as well.

That video did indeed help a lot. Thank you very much for the response.
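For the question at the top of the thread, one way to do the ownership check in a custom resolver, as an added example that is not code from any poster or from the GRANDstack project. It assumes the context holds `driver` and a `req` whose `userId` came from the verified JWT, that Comment nodes carry `id`, `text` and `authorId`, and that the mutation is named `editComment`; `fakeDriver` is a constructed stand-in so the resolver can run without a database.

```javascript
// Added example: custom resolver for a hypothetical editComment mutation.
// Assumptions: context = { driver, req }, req.userId set from the verified JWT;
// Comment nodes have id, text and authorId properties.
const EDIT_COMMENT = `
  MATCH (c:Comment {id: $id, authorId: $userId})
  SET c.text = $text
  RETURN c { .id, .text, .authorId } AS comment`;

async function editComment(_parent, { id, text }, context) {
  const userId = context.req && context.req.userId;
  if (!userId) throw new Error('Not authenticated');

  const session = context.driver.session();
  try {
    // The ownership check is part of the MATCH, so check and write happen in
    // one statement; userId is passed as a parameter, never concatenated.
    const result = await session.writeTransaction((tx) =>
      tx.run(EDIT_COMMENT, { id, text, userId })
    );
    if (result.records.length === 0) {
      // Same error for "no such comment" and "not your comment", so the
      // response does not reveal which comment ids exist.
      throw new Error('Comment not found or not editable by this user');
    }
    return result.records[0].get('comment');
  } finally {
    await session.close();
  }
}

// Constructed in-memory stand-in for the neo4j-driver objects used above.
// It mimics only the one query in EDIT_COMMENT.
function fakeDriver(comments) {
  const run = async (_query, { id, text, userId }) => {
    const hit = comments.find((c) => c.id === id && c.authorId === userId);
    if (hit) hit.text = text;
    return { records: hit ? [{ get: () => ({ ...hit }) }] : [] };
  };
  const session = () => ({
    writeTransaction: (work) => work({ run }),
    close: async () => {},
  });
  return { session };
}

const resolvers = { Mutation: { editComment } };
```

Because the author check lives inside the MATCH, there is no window between reading `authorId` and writing the edit in which the comparison could go stale.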