security: # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: default_provider: entity: class: App\Entity\User property: username manager_name: default api_token_provider: id: App\Security\ApiTokenUserProvider encoders: App\Entity\User: algorithm: 'argon2i' memory_cost: 16384 time_cost: 2 threads: 4 firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false api: pattern: ^/api/ anonymous: ~ stateless: true simple_preauth: authenticator: App\Security\ApiTokenAuthenticator provider: api_token_provider main: pattern: ^/ anonymous: ~ provider: default_provider form_login: login_path: user_login check_path: user_login logout: path: user_logout target: / remember_me: secret: '%kernel.secret%' lifetime: 604800 path: / always_remember_me: true # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/api/v1/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/api/, roles: ROLE_USER } - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/, roles: ROLE_USER }