Casbin follows the officially suggested way to provide authorization for GraphQL endpoints by having a single source of truth for authorization: https://graphql.org/learn/authorization/ . In another word, Casbin should be placed between GraphQL layer and your business logic.
A complete list of Casbin GraphQL middlewares is provided as below. Any 3rd-party contribution on a new GraphQL middleware is welcomed, please inform us and we will put it in this list:)