GraphQL Custom JWT Authentication

When you want to send a GraphQL request to your mongodb app
and you configured CustomJWT authentication,

then one would expect that it is necessary to send the JWT token in the Authentication: Bearer xxxxx...xxxxx header as normal.

But this is not possible. One must send the token in a custom jwtTokenString Header. Even if you set both, the default Authentication and the jwtTokenString header, then it does not work. You must only set the custom jwtTokenString Header.

Yes ok, I admit this is documented. If you manage to find it. At the very bottom of this page: https://www.mongodb.com/docs/atlas/app-services/graphql/authenticate/

But this is unexpected behaviour. Also the customJWT authentication should use the default Header. Also for GraphQL requests. Just as any other request out there too.

Example curl request as one would expect. And as specified by the GraphQL standards (This request does not work!)

curl --location --request POST 'https://eu-central-1.aws.realm.mongodb.com/api/client/v2.0/app/<app-id>/graphql' \
   --header 'Authentication: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI......' \
   --header 'Content-Type: application/json' \
   --data-raw '{ "query" : "{ team { _id teamName} }" }'

Example request that does work - but is very uncommon:

curl --location --request POST 'https://eu-central-1.aws.realm.mongodb.com/api/client/v2.0/app/<app-id>/graphql' \
   --header 'jwtTokenString: eyJhbGciOiJIUzI1NiIsInR5cCI......' \
   --header 'Content-Type: application/json' \
   --data-raw '{ "query" : "{ team { _id teamName} }" }'