Hello,
I am creating my first Ash Json API with Phoenix.
I am playing with swagger, and I have some questions.
- How can I add authentication and authorization? Is it derived from `AshAuthentication` policies?
- How can I get the bearer to test the API authorization?
If I define a policy like this one:

```elixir
policies do
  policy always() do
    forbid_if always()
  end
end
```

Note: I am using this policy only for testing purposes.

- In the `GET` action for listing all the items without any API key, it returns a `200` response with an empty list. Shouldn't it be a `401` instead?

I want to return 401 to all API calls that are not authorized using a bearer, and a 403 response to HTTP calls not allowed—for example, a resource owned by another actor.
Thanks!