I followed and used the AuthDirective found at https://www.apollographql.com/docs/apollo-server/schema/creating-directives/#enforcing-access-permissions .
Its working well within Queries and Mutations. However, I don't understand the statement "One drawback of this approach is that it does not guarantee fields will be wrapped if they are added to the schema after AuthDirective is applied" found near the end of the "Enforcing Access Permissions" section. How would fields be added to the schema after AuthDirective is applied? Is it talking about the results returned from a field that had AuthDirective applied to it?
If the
@authdirective shown is applied to a type, that type could also have another directive applied to it that adds fields to the type. For example, imagine an@iddirective that added anidfield to whatever type it was applied to. If the@iddirective directive is applied after the@authdirective, theidfield's resolver would never be modified by the@authdirective like all the other fields were. The directives are applied in the order they appear in the type definition, so it's easy enough to avoid this scenario but it is something to be aware of if you make extensive use of directives.