Authorisation - do I need a guard clause in router or wildcards?

Where do you add your plug? I tried to reproduce this behavior (accessing the protected /resource/some-non-int) but I get a proper response (a redirect to login in my case).

These errors might provide a clue as to what is wrong with the auth check.

As for logged-in users seeing the error on a wrong URL, you can cast the exception by defining an implementation of Plug.Exception. In the case of providing a wrong type (a string instead of an integer), that would be Ecto.Query.CastError, which you can handle like this:

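defimpl Plug.Exception, for: Ecto.Query.CastError do
  # Report cast failures (e.g. a string where an integer id is expected) as 404.
  def status(_), do: 404
  # Newer Plug versions also require actions/1; no debugger actions are offered here.
  def actions(_), do: []
end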

See Phoenix.NotAcceptableError - How can I return an error instead of having the app just have an exception?

3 Likes