symony 3.3 guard authetication with multiple providers

0
votes

I am implementing a symfony (3.3) custom guard authenticator to authenticate a user against OKTA and it's working fine without any issues.

However, I'd like to authenticate an admin user against the credentials stored in the database.

Basically, if any user hits /api/login endpoint it should authenticate against OKTA, except for one admin user who should be authenticated against the password stored in the database. How can I achieve this pls?

Here is my security.yml

security:

providers:
    db_user_provider:
        entity:
            class: MyApiBundle:ApiUser
            property: username

    okta_user_provider:
        id: okta_user_provider

    my_chain_provider:
        chain:
            providers:
                - db_user_provider
                - okta_user_provider

firewalls:
    login:
        pattern: ^/api/login
        anonymous: true
        stateless: true
        provider: my_chain_provider
        guard:
            authenticators:
                - authenticator_guard_okta

Many thanks

1
authenticationsymfony-3.3

1 Answers

0
votes

I solved this issue in my custom LoginFormAuthenticator

i.e in public function getUser($credentials, UserProviderInterface $userProvider)

A) check if the $credentials['username'] exist in db. If yes, find the user entity from db and return the user

B) check if the $credentials['username'] exist in okta. If yes, load the user from okta and return the user

public function checkCredentials($credentials, UserInterface $user)

A) check if the user is an instance of db user entity. If yes, validate the password and return the user

B) check if the user is an instance of okta user. If yes, validate against okta and return okta user