Hello @danschultzer,
The guide on user roles and authorization through a Plug is great for keeping users from accessing restricted pages, but sometimes we would want more radical methods. For example, in an umbrella project, I don’t want `front_app` users to be authenticated when trying to log in through the `admin_app` page.

So I added a custom `authenticate` method to the admin users context:
```elixir
@doc """
Ensure that only admin can be authenticated
"""
def authenticate(params) do
  user = pow_authenticate(params)

  case user do
    %{role: "admin"} -> user
    %{role: "superadmin"} -> user
    _ -> nil
  end
end
```
Maybe there is a better/recommended way to achieve this?