I made a project that is divided into two parts, the front-end part using Vue.js and the back-end part using Symfony and API Platform. I built an authentication system on my API Platform with JWT tokens like this: https://api-platform.com/docs/core/jwt/ which works like a charm when using it with Vue.js and the Axios library.
However, I would like to use the Symfony auth component to create an admin access on my Symfony project, just to allow the admin to create new things and save them in my db. The route will be /admin/whatever. In my security.yaml, I already have a firewall for the API/JWT authentication, which looks like this:
[screenshot of the existing security.yaml firewall configuration; image not available]
How can I add another one that handles the "classic" Symfony authentication, so that I have two authentication systems independent of each other?
Edit: I tried this:
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    login:
        lazy: true
        provider: app_user_provider
        json_login:
            check_path: /authentication_token
            username_path: email
            password_path: password
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
        jwt: ~
    main:
        lazy: true
        provider: app_user_provider
        custom_authenticator: App\Security\LoginAuthenticator
        logout:
            path: app_logout
With this access control:
access_control:
    - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/profil, roles: ROLE_USER }
    - { path: ^/authentication_token, roles: PUBLIC_ACCESS }
    - { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }
But my /profil route displays this capture. My authentication to the API with a token while doing a request still works, though.
CodePudding user response:
You need two different configurations in your security.yaml: for example, login for the API connection and main for your app connection.
# API connection
login:
    pattern: ^/api/login$
    stateless: true
    json_login:
        check_path: /api/login
        username_path: email
        success_handler: lexik_jwt_authentication.handler.authentication_success
        failure_handler: lexik_jwt_authentication.handler.authentication_failure
# App connection
main:
    lazy: true
    provider: app_user_provider
    # other configuration ...
CodePudding user response:
Edit: I may have found the solution (at least it works):
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    api:
        pattern: ^/api/
        stateless: true
        provider: app_user_provider
        jwt: ~
    login:
        pattern: ^/authentication_token
        json_login:
            check_path: /authentication_token
            username_path: email
            password_path: password
            success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure
    main:
        lazy: true
        provider: app_user_provider
        custom_authenticator: App\Security\LoginAuthenticator
        logout:
            path: app_logout
access_control:
    - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/profil, roles: ROLE_USER }
    - { path: ^/authentication_token, roles: PUBLIC_ACCESS }
    - { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }
But I found it nearly randomly, testing a few different configurations, not really knowing what I was doing. So could someone explain to me what exactly this code does? And why what I tested just before didn't work? ("/authentication_token" is a route that I call with a POST request, passing it an email and a password; it shall return a token that I use to authenticate the requests on my API, made with the API Platform bundle.)
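Why the first attempt sent /profil to the wrong firewall: Symfony checks firewalls in the order they appear in security.yaml and uses the first one whose pattern matches the request path, and a firewall with no pattern matches every request. The Python snippet below is an added example, not code from the post or from Symfony; it models that first-match rule (the regex-on-path matching is an assumption that mirrors Symfony's behaviour, simplified) over the two configurations above, so you can see that in the first attempt the pattern-less "login" firewall swallows /profil and "main" is never reached.

```python
import re

# Firewalls in security.yaml order; pattern None means "matches every request".
# Constructed from the two configurations in the question (simplified model).
FIRST_ATTEMPT = [
    ("dev",   r"^/(_(profiler|wdt)|css|images|js)/"),
    ("login", None),   # no pattern: catches everything below it
    ("main",  None),   # never reached, so the classic login never runs
]

WORKING = [
    ("dev",   r"^/(_(profiler|wdt)|css|images|js)/"),
    ("api",   r"^/api/"),                 # stateless JWT firewall
    ("login", r"^/authentication_token"), # only the token endpoint
    ("main",  None),                      # catch-all for the web/admin login
]

ACCESS_CONTROL = [
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/profil", "ROLE_USER"),
    (r"^/authentication_token", "PUBLIC_ACCESS"),
    (r"^/api/", "IS_AUTHENTICATED_FULLY"),
]


def select_firewall(firewalls, path):
    """Return the name of the first firewall whose pattern matches the path."""
    for name, pattern in firewalls:
        if pattern is None or re.search(pattern, path):
            return name
    return None


def required_role(path):
    """First matching access_control rule wins, as in Symfony."""
    for pattern, role in ACCESS_CONTROL:
        if re.search(pattern, path):
            return role
    return None


if __name__ == "__main__":
    for path in ("/profil", "/admin/items", "/api/items", "/authentication_token"):
        print(f"{path:22} first attempt -> {select_firewall(FIRST_ATTEMPT, path):6}"
              f" working -> {select_firewall(WORKING, path):6}"
              f" role: {required_role(path)}")
```

In the working layout only /api/ and /authentication_token are handled by the stateless JWT firewalls, so /profil and /admin fall through to "main" and get the session-based LoginAuthenticator the access_control rules expect.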
