How are we going to solve Authentication? First Idea: If a user is part of the right course they have permission. When splitting the graphql request in the API gateway, check once for authentication and send the parts of the request to the different microservices, telling all of them that the user has permission to see the information. IMPORTANT: This only works if you have a strict tree structure for graphql requests. If a request references e.g. another course (so horizontal connections in the tree), it won't work!
Description
The proposed domain model and architecture need to be inspected and reviewed by at least two developers
Acceptance Criteria
dev1
dev2