Foxx documentation: Authorization & authentication is a bit confusing · Issue #597 · arangodb/arangodb · GitHub

Foxx documentation: Authorization & authentication is a bit confusing #597
Closed
@luebbert42


This section is a bit confusing at the moment (I append it below so that you can check easily if you agree). It first says that you have to use HTTP auth controlled by the server, and one paragraph later it says that there is something delivered with Foxx you can use or create your own stuff. A hint on the demo app for authorization would be helpful, too.

Controlling Access to Foxx Controllers

At the moment, access to Foxx.Controllers is controlled by the regular
authentication mechanisms present in ArangoDB. The server can be run with
or without HTTP authentication.

If authentication is turned off, all Foxx.Controllers and routes will be
callable by everyone with access to the server. If authentication is turned on,
then every access to the server is authenticated via HTTP authentication. This
includes Foxx.Controllers and routes. The global authentication can be toggled
via the configuration option @ref CommandLineArangoDisableAuthentication
"server.disable-authentication".

Since ArangoDB 1.4, there is an extra option to restrict the authentication to
just system API calls, such as /_api/... and /_admin/.... This option can be
turned on using the @ref CommandLineArangoAuthenticateSystemOnly
"server.authenticate-system-only" configuration option. If it is turned on,
then only system API requests need authentication whereas all requests to Foxx
applications and routes will not require authentication.

Authentication

We built an authentication system you can use in your Foxx application (but you
can of course roll your own if you want). Currently we only support
cookie-based authentication, but we will add the possibility to use Auth Tokens
and external OAuth providers in the near future. To use the authentication in
your app, first activate it:
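
How the two server options in the quoted "Controlling Access to Foxx Controllers" text combine, as an added example (not part of the issue or of the ArangoDB documentation): a Python check that reads a server configuration and reports which request paths are left without HTTP authentication. It assumes an INI-style file with a `[server]` section holding the options without the `server.` prefix; the sample file, the sample paths and the `/my-foxx-app` mount are constructed.

```python
import configparser

# System API prefixes named in the quoted documentation.
SYSTEM_PREFIXES = ("/_api/", "/_admin/")

# Constructed sample configuration (assumed layout, not taken from the issue).
SAMPLE_CONF = """
[server]
endpoint = tcp://0.0.0.0:8529
disable-authentication = false
authenticate-system-only = true
"""
# Constructed sample paths; /my-foxx-app is a hypothetical Foxx mount point.
SAMPLE_PATHS = ["/_api/version", "/_admin/log", "/my-foxx-app/secret"]


def load_auth_flags(conf_text):
    """Return (disable_authentication, authenticate_system_only); None if unset."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)

    def flag(name):
        if parser.has_option("server", name):
            return parser.getboolean("server", name)
        return None  # defaults differ between versions, so do not guess

    return flag("disable-authentication"), flag("authenticate-system-only")


def requires_auth(path, disable_auth, system_only):
    """True/False if HTTP auth is enforced for path, None if it cannot be decided."""
    if disable_auth is None:
        return None
    if disable_auth:
        return False  # global switch off: nothing is authenticated
    if path.startswith(SYSTEM_PREFIXES):
        return True   # auth on: system API is always covered
    if system_only is None:
        return None
    return not system_only  # system-only: Foxx routes skip HTTP auth


def audit(conf_text, paths):
    """Return [(path, requires_auth)] for every path under the given config."""
    disable_auth, system_only = load_auth_flags(conf_text)
    return [(p, requires_auth(p, disable_auth, system_only)) for p in paths]
```

A path reported as `False` is reachable without server-level HTTP authentication, so any protection for it has to come from the Foxx application itself.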
