Finally found out ! 
After learn about how all the auth in redwood work, I discover that I’m missing something for my GraphQL, and I will explain why.
So when I was doing the Code Modifications for V0.35, I copy-past completely the handler like this :
export const handler = createGraphQLHandler({
loggerConfig: { logger, options: {} },
schema: makeMergedSchema({
schemas,
services: makeServices({ services }),
}),
onException: () => {
// Disconnect from your database with an unhandled exception.
db.$disconnect()
},
})
So, by out of sheer ignorance, I remove the import { getCurrentUser } from 'src/lib/auth' telling me why this is here!
I finally get it by reading this code from the framework :
// packages/api/src/functions/graphql.ts
...
// If the request contains authorization headers, we'll decode the providers that we support,
// and pass those to the `currentUser`.
const authContext = await getAuthenticationContext({ event, context })
if (authContext) {
context.currentUser = getCurrentUser
? await getCurrentUser(authContext[0], authContext[1], authContext[2])
: authContext
}
This ternary operator check if it can get getCurrentUser from createGraphQLHandler. Guest what I remove it, so it gives me authContext.
I don’t know why we give authContext if getCurrentUser is not available, but now I know that this thing give a circular structure and also why I have import { getCurrentUser } from 'src/lib/auth'