Ash authentication on mobile

Correct. You’d want to implement the password strategy. That strategy will add all the actions that you need to your resources. I don’t think that a JSON endpoint is created for you for signing in, but if not, it is something you should be able to do with a Phoenix controller.

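# Module name is a placeholder, like YourUserResource and YourApi below.
defmodule YourAppWeb.AuthController do
  use Phoenix.Controller

  def sign_in(conn, %{"username" => username, "password" => password}) do
    YourUserResource
    |> Ash.Query.for_read(:sign_in_with_password, %{username: username, password: password})
    |> YourApi.read_one()
    |> case do
      {:ok, user} ->
        # The password strategy puts the signed token in the record's metadata.
        conn |> put_status(200) |> json(%{token: user.__metadata__.token})

      {:error, _error} ->
        # handle errors. You should get back an `Ash.Error.Forbidden`
        # error with a nested error you can use to provide an error message.
        # A generic 401 keeps the response from revealing whether the username exists.
        conn |> put_status(401) |> json(%{error: "Invalid username or password"})
    end
  end
end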