security: # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: default_provider: entity: class: App\Entity\User property: username manager_name: default encoders: App\Entity\User: # https://symfony.com/blog/new-in-symfony-4-3-native-password-encoder algorithm: 'auto' firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false api: pattern: ^/api/ anonymous: ~ stateless: true guard: authenticators: - App\Security\ApiTokenAuthenticator main: pattern: ^/ anonymous: ~ provider: default_provider form_login: login_path: user_auth_login check_path: user_auth_login logout: path: user_auth_logout target: / remember_me: secret: '%kernel.secret%' lifetime: 1209600 path: / always_remember_me: true # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/api/v1/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/api/, roles: ROLE_USER } - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/auth/, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register/, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/magnet/, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/, roles: ROLE_USER }