
Undesirable behaviour with multiple models on the same endpoint #298

Open
@DuBistKomisch

  acts_as_token_authentication_handler_for Guest, fallback: :none
  acts_as_token_authentication_handler_for User, fallback: :exception

In this case, user authentication works, but trying to authenticate as a guest returns 401. Same if fallback: :exception is removed and defaulted to :devise.

Both set to :exception 401s for everything, presumably since one always fails.

  acts_as_token_authentication_handler_for Guest, fallback: :none
  acts_as_token_authentication_handler_for User, fallback: :none

In this case, it works when authenticating as either. However, if neither authenticates, it doesn't return 401; it just proceeds into the method and typically 500s because of an error caused by current_guest/current_user being nil. This is the least bad option, but would still prefer a 401, without having to do it manually.

Note that it appears to work as expected when the two models are used for separate endpoints; you can even set both to fallback: :exception to 401 for both.

Basically, the desired behaviour is like :none for both, but setting an overall fallback to :exception. This doesn't seem to be possible currently. Moreover, the documentation implies that setting the last one has that effect, when it actually doesn't.
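The combinations reported above, reproduced in a simplified model that is an added example, not code from this issue or from the gem. It assumes each declared handler checks only its own model and that `:exception` rejects the request when that model is absent; the constants, helper names and tokens are hypothetical, and `require_any!` is the single overall guard the issue asks for.

```ruby
# Simplified model of the behaviour reported above; it does not load
# simple_token_authentication. All names below are hypothetical.
Unauthorized = Class.new(StandardError)

# Constructed sample tokens: token => [model, record name]
TOKENS = { "guest-token" => [:guest, "guest#1"], "user-token" => [:user, "user#1"] }.freeze

# One filter per declared handler: it authenticates only its own model, and
# with fallback :exception it rejects the request when that model is absent.
def run_handlers(handlers, token)
  current = {}
  handlers.each do |model, fallback|
    found_model, record = TOKENS[token]
    current[model] = record if found_model == model
    raise Unauthorized, "#{model} not authenticated" if fallback == :exception && current[model].nil?
  end
  current
end

# Overall guard: every handler uses :none, then a single check rejects the
# request unless at least one model authenticated (fail closed).
def require_any!(current)
  raise Unauthorized, "no guest or user authenticated" if current.values.compact.empty?
  current
end

# Returns the HTTP status the request would end with.
def status_for(handlers, token, guard: false)
  current = run_handlers(handlers, token)
  require_any!(current) if guard
  # Stand-in for an action that dereferences current_guest / current_user.
  current.values.compact.empty? ? 500 : 200
rescue Unauthorized
  401
end

MIXED     = { guest: :none, user: :exception }.freeze
BOTH_EXC  = { guest: :exception, user: :exception }.freeze
BOTH_NONE = { guest: :none, user: :none }.freeze

if __FILE__ == $PROGRAM_NAME
  [MIXED, BOTH_EXC, BOTH_NONE].each do |h|
    ["guest-token", "user-token", nil].each { |t| puts "#{h} #{t.inspect} -> #{status_for(h, t)}" }
  end
  puts "guarded, no token -> #{status_for(BOTH_NONE, nil, guard: true)}"
end
```

In a controller, the guard corresponds to a manual `before_action` declared after both handlers that responds with `head :unauthorized` when both `current_guest` and `current_user` are nil.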
