Example of how to use JSON Web Tokens as an authentication mechanism in an Apollo GraphQL app.
Serverless will pull environment variables from a file called env.yml based on the "stage" you specify at deploy-time (defaults to dev). This file has been added to .gitignore such that the file isn't accidentally committed. In its most barebones form, env.yml looks like this:
dev:
JWT_SECRET: Some...secret...here
N.B. You will need to adjust the endpointURL variable in the handler.js file if you deploy to a stage not named dev.