Authorization is the mechanism that controls who can do what on which resource in an application and it is a critical part of an application. In this post, I'll illustrate how to set up authorization in a GraphQL API using a custom directive and Oso, an open-source authorization library.