I'm starting to learn Symfony. I would like to create an API accessible with authentication. I followed the symfony documentation for creating an API skeleton (composer create-project symfony/skeleton my-project) then I followed the security section (https://symfony.com/doc/current/security.html). I arrived to the part 3a "Authentication & Firewalls". I updated the config/packages/security.yaml file then I installed the profiler.
This is my security.yaml file:
security:
encoders:
App\Entity\User:
algorithm: argon2i
cost: 12
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
# used to reload user from session & other features (e.g. switch_user)
app_user_provider:
entity:
class: App\Entity\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
# activate different ways to authenticate
# http_basic: true
# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
# form_login: true
# https://symfony.com/doc/current/security/form_login_setup.html
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
When I go to "http://127.0.0.1:8000/" I have the profiler bar but I'm not authenticated as anonymous, I'm not authenticated at all. So did I forget to do/configure something?
This is what I see in the profiler bar:
access_controlis activated, access is not controlled (duh). - Jakumi