This article has some great skimmable content for how to throw errors in graphql, but most importantly it also includes how to handle re-auth, a topic that I find is so often lacking in articles around authentication - and from the example, it doesn't look too complicated.

If you are using JSON Web Tokens to authenticate the origin of a request, you will need some way to refresh the token when it expires, all without impacting the user experience