Third-party graphql access?

Quick question,

With the new third-party authentication support, is it recommended to give third-party applications access directly to your database at For instance, if you setup dynamic client registration in Auth0, a user could create an application and use oauth flow to authenticate users and get a jwt. Then that application would be able to query the database directly and this would avoid needing a custom api. Is there a downside to this approach?