I use Guardian 1 and Phoenix 1.3. And I'm trying to make an API that uses JWT. I now have authentication working for routes. For example, you cannot access get api/users/ without having a valid token in the header.
I have a pipeline that looks like:

    defmodule PhxAuthApi.Auth.AuthPipeline do
      use Guardian.Plug.Pipeline, otp_app: :phx_auth_api,
        module: PhxAuthApi.Auth.Guardian,
        error_handler: PhxAuthApi.Auth.AuthErrorHandler

      plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}, realm: :none
      plug Guardian.Plug.EnsureAuthenticated
      plug Guardian.Plug.LoadResource, ensure: true
    end

What I want to achieve is that a user calling put api/users/1 can only access that route if the user has the corresponding :id in the token resource.
I know I can get the resource by calling

    resource = Guardian.Plug.current_resource(conn)

But how would I go about doing this? Making another pipeline?
How would that look? I couldn't find any documentation on achieving this.
I am fairly new to Elixir and Phoenix and this is my first project that I intend to ship.
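
One way to implement the ownership check described in the question, as an added example that is not part of the original post: a module plug that runs after the pipeline above and compares the :id path parameter with the resource loaded from the token. The module name PhxAuthApi.Auth.EnsureOwner, the :param option and the 403 JSON body are assumptions, as is the resource being a struct with an :id field.

```elixir
defmodule PhxAuthApi.Auth.EnsureOwner do
  @moduledoc """
  Hypothetical plug (name assumed): lets a request through only when the
  path parameter (default "id") equals the id of the resource that
  Guardian.Plug.LoadResource loaded from the token.

  Assumed usage inside a controller, after the auth pipeline has run:

      plug PhxAuthApi.Auth.EnsureOwner when action in [:update, :delete]
  """
  import Plug.Conn

  # The name of the path parameter to compare can be overridden: param: "user_id"
  def init(opts), do: Keyword.get(opts, :param, "id")

  def call(conn, param) do
    resource = Guardian.Plug.current_resource(conn)

    if owner?(resource, conn.params[param]) do
      conn
    else
      # Authenticated but not the owner: 403, and halt so the action never runs
      conn
      |> put_resp_content_type("application/json")
      |> send_resp(403, ~s({"error":"forbidden"}))
      |> halt()
    end
  end

  # Path params arrive as strings, so compare string forms; this covers
  # integer primary keys as well as string/UUID ones.
  defp owner?(%{id: id}, param) when is_binary(param), do: to_string(id) == param

  # Missing resource, missing param, or a resource without :id is denied by default.
  defp owner?(_resource, _param), do: false
end
```

Because the comparison uses the identity taken from the verified token rather than anything in the request body, a client cannot reach another user's record by changing the id in the URL.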