Phoenix Scopes

Phoenix 1.8 introduced Scope as the new authentication primitive, replacing direct current_user access.

RULES — Follow these with no exceptions

1. Use Scope structs instead of raw current_user — scopes wrap the user and carry additional context such as roles, permissions, and tenant info
2. Use bracket access in templates — assigns[:current_scope] prevents crashes when unauthenticated
3. Test both authenticated and unauthenticated states — scope-based auth has two distinct code paths
4. Define anonymous/0 for the unauthenticated case — return a Scope with user: nil
5. Always check Scope.authenticated?/1 before accessing .user — never assume scope is authenticated

End-to-End Workflow

Follow this sequence when implementing or migrating to scope-based authentication: