security: enable_authenticator_manager: true password_hashers: App\Entity\LocalUser: algorithm: auto # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: local_user: chain: providers: [local_user_by_nickname, local_user_by_email] local_user_by_nickname: entity: class: 'App\Entity\LocalUser' property: 'nickname' local_user_by_email: entity: class: 'App\Entity\LocalUser' property: 'outgoing_email' firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false api_apps: pattern: ^/api/v1/apps$ security: false api: guard: authenticators: - Trikoder\Bundle\OAuth2Bundle\Security\Guard\Authenticator\OAuth2Authenticator provider: local_user pattern: ^/api/ security: true stateless: true main: entry_point: App\Security\Authenticator guard: authenticators: - App\Security\Authenticator provider: local_user form_login: login_path: security_login check_path: security_login enable_csrf: true logout: path: security_logout # where to redirect after logout target: root remember_me: secret: '%kernel.secret%' secure: true httponly: '%remember_me_httponly%' samesite: '%remember_me_samesite%' token_provider: 'Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider' # activate different ways to authenticate # https://symfony.com/doc/current/security.html#firewalls-authentication # https://symfony.com/doc/current/security/impersonating_user.html # switch_user: true # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/admin, roles: ROLE_ADMIN } - { path: ^/settings, roles: ROLE_USER } - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }