Secure GraphQL by query

I’m afraid that this is not possible. Tyk allows using multiple auth methods on a single API, but it works like method1 AND method2 rather than method1 OR method2.

In this case I’d proxy the same GQL service twice via the GW.
For the first, I would set the method as basic auth and use the field-based permissions to cut off access to everything but the query you want to expose publicly.
For the second one, I would use OIDC as the auth method and just allow access to everything.

So in case I only want to use the public query, I use my basic auth credentials you publish for everyone to use. But when I need to get more, I use the second proxy, provide OpenID credentials, and can use everything I want.

But it is a cool use case! Thanks for raising this question. Is this a common thing you do in your GQL workflows? What’s the rationale behind it?
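
The two-proxy layout described in the reply above, sketched as an added example (not from the original post and not Tyk's own sample). It shows only the keys relevant to the split, grouped into one JSON document for reading rather than as a loadable file; every ID, listen path, URL and the field name `publicInfo` is a constructed placeholder.

```json
{
  "_note": "Added illustration. api_public, api_private and policy_public are three separate Tyk objects shown together; all names and URLs are placeholders.",
  "api_public": {
    "name": "gql-public",
    "api_id": "gql-public",
    "use_basic_auth": true,
    "proxy": {
      "listen_path": "/gql-public/",
      "target_url": "http://gql-upstream.example/graphql",
      "strip_listen_path": true
    },
    "graphql": { "enabled": true, "execution_mode": "proxyOnly" }
  },
  "api_private": {
    "name": "gql-full",
    "api_id": "gql-full",
    "use_openid": true,
    "openid_options": {
      "providers": [
        {
          "issuer": "https://idp.example/",
          "client_ids": { "<base64-encoded-client-id>": "<policy-id>" }
        }
      ]
    },
    "proxy": {
      "listen_path": "/gql-full/",
      "target_url": "http://gql-upstream.example/graphql",
      "strip_listen_path": true
    },
    "graphql": { "enabled": true, "execution_mode": "proxyOnly" }
  },
  "policy_public": {
    "_note": "Attached to the published basic auth user; allow-lists a single Query field.",
    "name": "public-basic-auth",
    "active": true,
    "access_rights": {
      "gql-public": {
        "api_id": "gql-public",
        "api_name": "gql-public",
        "versions": ["Default"],
        "allowed_types": [{ "name": "Query", "fields": ["publicInfo"] }]
      }
    }
  }
}
```

Both API definitions point at the same upstream; only the listen path, the auth method and the policy bound to the credentials differ.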