Toggle introspection on a per request basis (runtime)

[tinnou]

Is your feature request related to a problem? Please describe. In the router, it is possible to disable/enable introspection resolution by using the config property supergraph.introspection.enabled:true. In our case, we would like to control introspection on a per request basis. For example we would like to only allow introspection for internal requests / users. If we detect a request is external, we would like to disable introspection for the request.

Describe the solution you'd like A few approaches come to mind:

• provide an introspection hook where we can run logic to gate introspection, the hook would have for input the request and context and would return a boolean
• use a request context property say allowIntrospection:true|false set by user plugins that act as a marker to toggle introspection. The property would have to be set either at router_service or supergraph_service since the router executes introspection fields before calling execution_service.

Describe alternatives you've considered As a workaround, we implemented a supergraph_service plugin that performs the internal/external check per request. The problem is it also needs to parse the query again to find out whether it contains introspection fields and perform the deny/allow that the router already performs further down the chain. This is suboptimal performance wise and also logic wise since introspection detection logic is duplicated in user and router code.

[BrynCooke]

Typically we don't recommend enabling introspection outside of dev. If you're a managed federation user then you can rover to fetch a graph schema even when introspection is disabled: https://www.apollographql.com/docs/rover/commands/graphs#graph-fetch

Would using rover be an option for you?

[BrynCooke]

We plan to stabilize apollo-rs first quarter of next year. When this happens it will be easy for users to create a plugin that does the above.