0

I'm starting to learn Symfony. I would like to create an API accessible with authentication. I followed the Symfony documentation for creating an API skeleton (composer create-project symfony/skeleton my-project), then I followed the security section (https://symfony.com/doc/current/security.html). I arrived at part 3a, "Authentication & Firewalls". I updated the config/packages/security.yaml file, then I installed the profiler.

This is my security.yaml file:

security:
    encoders:
        App\Entity\User:
            algorithm: argon2i
            cost: 12

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~

            # activate different ways to authenticate

            # http_basic: true
            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate

            # form_login: true
            # https://symfony.com/doc/current/security/form_login_setup.html

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }

When I go to "http://127.0.0.1:8000/" I have the profiler bar but I'm not authenticated as anonymous, I'm not authenticated at all. So did I forget to do/configure something? This is what I see in the profiler bar: my result

4
  • Authentication means “login”. Did you actually log in? Commented Mar 26, 2019 at 14:58
  • In the documentation it is written "Don't be fooled by the "Yes" next to Authenticated. The firewall verified that it does not know your identity, and so, you are anonymous" plus "A firewall is your authentication system". Does it mean I have to be connected to the application? It is not completely clear to me. I was thinking that the firewall would force the user to be logged in before accessing the application or the API. Commented Mar 26, 2019 at 15:23
  • Your firewall is not configured to handle authentication! You can try with http_basic and configure access_control. Commented Mar 26, 2019 at 15:58
  • Unless access_control is activated, access is not controlled (duh). Commented Mar 26, 2019 at 15:59

1 Answer

2

Try adding

access_control:
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }

1 Comment

Finally, I added api-platform to my project so it handles the API natively. Thanks for your help.
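
For comparison with the file in the question, here is an added example (not code from the asker, the answerer or the Symfony docs) of a security.yaml in which the main firewall has an authentication method enabled and access_control actually restricts paths, as the comments suggest. It uses the Symfony 4.x syntax of the question; the `^/docs` path, the `stateless` choice and the omission of encoder tuning options are assumptions for illustration.

```yaml
# config/packages/security.yaml (Symfony 4.x syntax, as in the question)
security:
    encoders:
        App\Entity\User:
            algorithm: argon2i

    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: username

    firewalls:
        dev:
            # Profiler and static assets bypass the security system entirely.
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            # Requests without credentials still pass the firewall as
            # anonymous; access_control below decides what they may reach.
            anonymous: ~
            # Without at least one authentication method enabled, nobody
            # can ever be more than anonymous on this firewall.
            http_basic: true
            provider: app_user_provider
            # Assumption: the API keeps no session, so credentials are
            # sent and checked on every request.
            stateless: true

    # Only the *first* matching rule is applied, so the narrow public
    # rule must come before the catch-all.
    access_control:
        # Assumption: ^/docs is a hypothetical path meant to stay public.
        - { path: ^/docs, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Everything else requires real credentials; an anonymous request
        # gets a 401 response with an HTTP Basic challenge.
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }
```

A rule of `{ path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }` on its own keeps every path open to unauthenticated requests, so it is the `IS_AUTHENTICATED_FULLY` rule (or a role such as `ROLE_USER`) that actually forces a login.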
