Skip to main content


TODO general information about how we handle authentication

Available Decorators


@PublicApi() can be used to expose a single handler (query, mutation or route) or a whole class (resolver or controller) publicly.


Using the decorator at class level causes later added handlers to be automatically public. Prefer using the decorator for single handlers only.


@DisableGlobalAuthGuard() disables the global auth guard (CometAuthGuard). This may be used if a different authentication method is desired (e.g., basic authentication) for a specific handler or class. It should be used in combination with a custom guard. The custom guard may leverage @PublicApi as well to expose handlers publicly.


async handlerThatUsesACustomGuard(): {