Hello, thank you for your answer.
If I understand correctly I have to create 2 different entry points (proxy) (each with their own authentication: one with a key, the other with a token) which point to my graphql backend.
In this case, I am forced to have 2 different paths (one /graphqlopen and the other /graphqlsecure)?
My use case is:
I have a web application (spa) with an angular frontend and a graphql (.net) backend.
My application (angular front) must be able to call graphql queries without authentication (anonymous users), but also when users are connected, it must be able to call graphql with a token (openid AzureB2C).