Currently I have setup Guardian authentication with the following configuration:
pipeline :api do
plug :accepts, ["json"]
plug MyApp.AuthAccessPipeline
end
defmodule MyApp.AuthAccessPipeline do
use Guardian.Plug.Pipeline, otp_app: :my_app
plug Guardian.Plug.VerifySession, claims: %{"typ" => "access"}
plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}
plug Guardian.Plug.EnsureAuthenticated
plug Guardian.Plug.LoadResource, allow_blank: true
end
My routes are setup like this:
scope "/api/v1", MyAppWeb do
pipe_through :api
resources "/users", UserController, except: [:new, :edit]
post "/auth/sign_up", UserController, :sign_up
post "/auth/sign_in", UserController, :sign_in
post "/auth/forgot_password", UserController, :forgot_password
end
How I do set this pipeline so the /auth/* routes can be accessed without authentication?
I was able to solve this issue by setting up my routes like this:
pipeline :anonymous do
plug :accepts, ["json"]
end
pipeline :protected do
plug :accepts, ["json"]
plug MyApp.AuthAccessPipeline
end
scope "/api/v1/auth", MyAppWeb do
pipe_through :anonymous
post "/sign_up", UserController, :sign_up
post "/sign_in", UserController, :sign_in
post "/forgot_password", UserController, :forgot_password
end
scope "/api/v1", MyAppWeb do
pipe_through :protected
resources "/users", UserController, except: [:new, :edit]
end