Guardian - exclude routes from needing authentication

Question

Currently I have setup Guardian authentication with the following configuration:

pipeline :api do
  plug :accepts, ["json"]
  plug MyApp.AuthAccessPipeline
end

defmodule MyApp.AuthAccessPipeline do
  use Guardian.Plug.Pipeline, otp_app: :my_app

  plug Guardian.Plug.VerifySession, claims: %{"typ" => "access"}
  plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource, allow_blank: true
end

My routes are setup like this:

scope "/api/v1", MyAppWeb do
    pipe_through :api

  resources "/users", UserController, except: [:new, :edit]

  post "/auth/sign_up", UserController, :sign_up
  post "/auth/sign_in", UserController, :sign_in
  post "/auth/forgot_password", UserController, :forgot_password
end

How I do set this pipeline so the /auth/* routes can be accessed without authentication?

Answer 1

I was able to solve this issue by setting up my routes like this:

pipeline :anonymous do
  plug :accepts, ["json"]
end

pipeline :protected do
  plug :accepts, ["json"]
  plug MyApp.AuthAccessPipeline
end

scope "/api/v1/auth", MyAppWeb do
  pipe_through :anonymous

  post "/sign_up", UserController, :sign_up
  post "/sign_in", UserController, :sign_in
  post "/forgot_password", UserController, :forgot_password
end

scope "/api/v1", MyAppWeb do
  pipe_through :protected

  resources "/users", UserController, except: [:new, :edit]
end