I misunderstood. My focus was on the question ~> “array division” in an @auth rule?
In this case, it is possible to extract values from an array that comes from a JWT token claim. And apply logic to it. However, I never tested it using GraphQL in the logical body of the Auth rule. As the Auth rule accepts either GraphQL or a custom rule query. I thought the case was about the JWT claim and the rule, not something more deep related to your data. Which you should check with GraphQL.
I’ll take a look at it and think about this.
Cheers.