security: # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: default_provider: entity: class: App\Entity\User property: username manager_name: default enable_authenticator_manager: true password_hashers: App\Entity\User: algorithm: sodium firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false api: pattern: ^/api/ stateless: true custom_authenticators: - App\Security\ApiTokenAuthenticator main: pattern: ^/ provider: default_provider form_login: login_path: user_auth_login check_path: user_auth_login logout: path: user_auth_logout target: / remember_me: secret: '%kernel.secret%' lifetime: 1209600 path: / always_remember_me: true # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/api/v1/login$, roles: PUBLIC_ACCESS } - { path: ^/api/, roles: ROLE_USER } - { path: ^/$, roles: PUBLIC_ACCESS } - { path: ^/auth/, roles: PUBLIC_ACCESS } - { path: ^/register/, roles: PUBLIC_ACCESS } - { path: ^/magnet/, roles: PUBLIC_ACCESS } - { path: ^/, roles: ROLE_USER }