0
votes

We are building a Symfony website that will expose a REST API for a mobile app, but with an authentication token which will authorize the developer to consume the API. For this feature, I am using the simple_preauth firewall authenticator, which works just fine. Firewall configuration:

firewalls:
    app_authenticated:
        pattern: ^/api
        context: app
        stateless: true
        simple_preauth:
            authenticator: api_key_authenticator

But our mobile app will let end users log in, and we need the user's session to be stateless, which means the logged-in user's token has to be supplied along with the developer's token. How do I implement multiple authenticators under the simple_preauth firewall index?

I tried supplying [api_key_authenticator, api_key_authenticator2] as 2 authenticators, but simple_preauth.authenticator requires the value to be a scalar, not an array. Any help?

1
Why can't your authenticator handle both developer and user tokens? - Cerad
It seems the authenticateToken method in my ApiKeyAuthenticator gets called only once, as configured in firewalls, and returns a PreAuthenticatedToken instance. Hence I can't validate another key in there. - Jeet

1 Answer

0
votes

It is only possible since Symfony 2.8 using Guard authentication:

https://symfony.com/doc/2.8/security/guard_authentication.html

    firewalls:
        other_user_access:
            pattern: ^/api/user/email$
            guard:
                authenticators:
                    - dev_authenticator
                    - api_prod_user_authenticator
                    - api_token_authenticator
            entry_point: dev_authenticator
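
One way to require both tokens on the same request with Guard is a single authenticator that validates the user token and the developer key together, as the comment on the question suggests. The class below is an added example, not code from the question or the answer; the class name, the X-DEV-KEY and X-USER-TOKEN headers, the list of hashed developer keys, and the assumption that the configured user provider resolves a user from the token are all hypothetical.

```php
<?php
// Added example: class name, header names and the developer-key store are hypothetical.
namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class DeveloperAndUserTokenAuthenticator extends AbstractGuardAuthenticator
{
    private $developerKeyHashes; // SHA-256 hex digests of the issued developer keys
    public function __construct(array $developerKeyHashes) { $this->developerKeyHashes = $developerKeyHashes; }

    public function getCredentials(Request $request)
    {
        $dev = $request->headers->get('X-DEV-KEY');     // hypothetical header name
        $user = $request->headers->get('X-USER-TOKEN'); // hypothetical header name
        // Returning null skips this authenticator, so a request missing either token is never authenticated.
        return ($dev && $user) ? array('dev' => $dev, 'user' => $user) : null;
    }

    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        // Assumption: the user provider looks users up by their API token.
        return $userProvider->loadUserByUsername($credentials['user']);
    }

    public function checkCredentials($credentials, UserInterface $user)
    {
        // The user token was resolved in getUser(); the developer key must also match.
        $hash = hash('sha256', $credentials['dev']);
        $ok = false;
        foreach ($this->developerKeyHashes as $known) {
            $ok = hash_equals($known, $hash) || $ok; // constant-time compare, no early exit
        }
        return $ok; // anything other than true fails authentication
    }

    // Stateless API: returning null lets the request continue to the controller.
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { return null; }
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return new JsonResponse(array('error' => 'Authentication failed'), 403);
    }
    public function start(Request $request, AuthenticationException $authException = null) { return new JsonResponse(array('error' => 'Authentication required'), 401); }
    public function supportsRememberMe() { return false; }
}
```

Registered as a service, this class would be listed under guard.authenticators in place of separate developer and user authenticators.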