A common problem

Testing protected endpoints in Phoenix controllers is a topic that sparks confusion - at best, and controversy at worst - amongst a surprising lot of people. When using Guardian or other pluggable ways of authorizing requests, this behaviour has to be taken into consideration for controller tests. Multiple pull requests in the Guardian repository were working towards a solution for this, Guardian Backdoor, which has now been moved into its own repository.

While this will certainly solve this issue for Guardian users in the future, let's explore a simple, fast approach for authorization bypassing that can be used with any kind of plug based authentication pipeline.

Read more →