0
votes

I have a Symfony 2.8 application that will be used as a REST API back end.

I would like to add security to all endpoints matching ^/api. I would like to be able to use 3 different authentication methods for ^/api.

I am using uma/psr7-hmac-bundle, friendsofsymfony/oauth-server-bundle, and API key authentication.

I defined 3 different firewalls, and each firewall works if I remove the other two.

firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        oauth_token:
            pattern: ^/oauth/v2/token
            security: false

        oauth_authorize:
            pattern: ^/oauth/v2/auth
            security: false

        api_key:
            pattern: ^/api
            stateless: true
            simple_preauth:
                authenticator: api_key_authenticator
            provider: api_key_user_provider

        oauth_api:
            pattern: ^/api
            stateless: true 
            fos_oauth: true
            provider: oauth_user

        hmac_api:
            pattern: ^/api
            stateless: true  
            hmac: 
                apikey_header: 'X-Custom-Header-Key'
            provider: hmac_user 

How can I use all 3 firewalls together (chain them)? (hmac_api, oauth_api, api_key)

I looked into Guards but I am not sure how to define/implement authenticators for HMAC and OAuth.

I looked into firewall context but because it is stateless it won't work.

Basically, how can I chain multiple firewalls for the same pattern? Or how can I define one firewall with 3 different authenticators, considering that I am using third-party bundles like friendsofsymfony/oauth-server-bundle and uma/psr7-hmac-bundle?

1 Answer

0
votes

Use

guard:
    authenticators:

for chaining authenticators for your firewall. That's what I have in my app:

api:
            pattern:   ^/api         
            guard:
                authenticators:
                    - bor.api_bundle.session_authenticator
                    - lexik_jwt_authentication.jwt_token_authenticator
                    - sergei_k_security.token_authenticator
                entry_point: lexik_jwt_authentication.jwt_token_authenticator

docs - http://symfony.com/doc/current/security/multiple_guard_authenticators.html
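
The chaining described in the answer, as an added example that is not part of the original posts: a Guard authenticator for the question's API key method, written against the Symfony 2.8 Guard interface. The namespace, class name, the `X-API-KEY` header and the assumption that the user provider resolves a user from the key via `loadUserByUsername()` are illustrative.

```php
<?php
namespace AppBundle\Security; // assumed namespace

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class ApiKeyGuardAuthenticator extends AbstractGuardAuthenticator
{
    const HEADER = 'X-API-KEY'; // assumed header name

    public function getCredentials(Request $request)
    {
        // Returning null means "not my request": Guard skips this
        // authenticator and tries the next one listed on the firewall.
        $key = $request->headers->get(self::HEADER);
        return ($key === null || $key === '') ? null : array('key' => $key);
    }

    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        // Assumption: the provider looks the user up by API key and throws
        // UsernameNotFoundException (an AuthenticationException) if unknown.
        return $userProvider->loadUserByUsername($credentials['key']);
    }

    // The key lookup in getUser() already is the credential check.
    public function checkCredentials($credentials, UserInterface $user) { return true; }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        return null; // stateless API: continue to the controller
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        // Generic body: do not reveal whether the key exists.
        return new JsonResponse(array('error' => 'Authentication failed'), 401);
    }

    public function start(Request $request, AuthenticationException $authException = null)
    {
        return new JsonResponse(array('error' => 'Authentication required'), 401);
    }

    public function supportsRememberMe() { return false; }
}
```

Registered as a service and listed under `guard: authenticators:`, it only handles requests that carry its header. When several authenticators are listed, one of them must be named as `entry_point`, as the answer's configuration does.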