Rather than constructing a special-cased internal auth key. Also a good time to try and refactor auth extensions from core-go to meta.sr.ht GQL.