service-bundle/Resources/doc/Security.md

### Authentication

Example security configuration:

```yaml
security:
    hide_user_not_found: false
    providers:
        connection:
            entity: { class: App\Entity\Connection, property: clientId }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        simple-connection:
            pattern: ^/simple-connection
            stateless: true
            security: false
        front:
            pattern: ^/front
            provider: connection
            stateless: true
            custom_authenticators:
                - RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator
        main:
            pattern: ^/
            lazy: true

    access_control:
        - { path: ^/front, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/(simple-connection), roles: PUBLIC_ACCESS }
```

Login controller will be called after the authenticator successfully authenticates the user. You can get the authenticated user, generate a token (or whatever you need to return) and return response:

```php

    use App\Entity\User;
    use Symfony\Component\Security\Http\Attribute\CurrentUser;

    class ApiLoginController extends AbstractController
    {
        #[Route('/front', name: 'front')]
        public function front(#[CurrentUser] ?User $user): Response
        {
            $token = ...; // somehow create an API token for $user
 
            return $this->json([
                'user'  => $user->getUserIdentifier(),
                'token' => $token,
            ]);
        }
    }

```

The <code>#[CurrentUser]</code> can only be used in controller arguments to retrieve the authenticated user. In services, you would use getUser().

See the [manual](https://symfony.com/doc/6.0/security.html) for more information.

> If you set the parameter stateless: false, then during an active session the login will be made on the basis of the data deserialized from the session storage
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00			`### Authentication`

			`Example security configuration:`

			```yaml
			`security:`
Update aunthenticators 2022-07-19 16:27:00 +03:00			`hide_user_not_found: false`
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00			`providers:`
Update aunthenticators 2022-07-19 16:27:00 +03:00			`connection:`
			`entity: { class: App\Entity\Connection, property: clientId }`
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00			`firewalls:`
Update aunthenticators 2022-07-19 16:27:00 +03:00			`dev:`
			`pattern: ^/(_(profiler\|wdt)\|css\|images\|js)/`
			`security: false`
			`simple-connection:`
			`pattern: ^/simple-connection`
			`stateless: true`
			`security: false`
			`front:`
Update authenticator && documentation 2022-07-21 17:39:34 +03:00			`pattern: ^/front`
Update aunthenticators 2022-07-19 16:27:00 +03:00			`provider: connection`
Update authenticator && documentation 2022-07-21 17:39:34 +03:00			`stateless: true`
Update aunthenticators 2022-07-19 16:27:00 +03:00			`custom_authenticators:`
			`- RetailCrm\ServiceBundle\Security\FrontApiClientAuthenticator`
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00			`main:`
Update aunthenticators 2022-07-19 16:27:00 +03:00			`pattern: ^/`
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00			`lazy: true`

			`access_control:`
Update authenticator && documentation 2022-07-21 17:39:34 +03:00			`- { path: ^/front, roles: IS_AUTHENTICATED_FULLY }`
			`- { path: ^/(simple-connection), roles: PUBLIC_ACCESS }`
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00			```

Fix authenticators and dependecy injection 2022-07-21 13:02:32 +03:00			`Login controller will be called after the authenticator successfully authenticates the user. You can get the authenticated user, generate a token (or whatever you need to return) and return response:`
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00
			```php

Fix authenticators and dependecy injection 2022-07-21 13:02:32 +03:00			`use App\Entity\User;`
			`use Symfony\Component\Security\Http\Attribute\CurrentUser;`
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00
Fix authenticators and dependecy injection 2022-07-21 13:02:32 +03:00			`class ApiLoginController extends AbstractController`
Update aunthenticators 2022-07-19 16:27:00 +03:00			`{`
Update authenticator && documentation 2022-07-21 17:39:34 +03:00			`#[Route('/front', name: 'front')]`
			`public function front(#[CurrentUser] ?User $user): Response`
Fix authenticators and dependecy injection 2022-07-21 13:02:32 +03:00			`{`
			`$token = ...; // somehow create an API token for $user`

			`return $this->json([`
			`'user' => $user->getUserIdentifier(),`
			`'token' => $token,`
			`]);`
Update aunthenticators 2022-07-19 16:27:00 +03:00			`}`
Message handlers for symfony messenger 2021-03-31 11:00:48 +03:00			`}`

			```
Fix authenticators and dependecy injection 2022-07-21 13:02:32 +03:00
			`The <code>#[CurrentUser]</code> can only be used in controller arguments to retrieve the authenticated user. In services, you would use getUser().`
Update authenticator && documentation 2022-07-21 17:39:34 +03:00
			`See the [manual](https://symfony.com/doc/6.0/security.html) for more information.`

			`> If you set the parameter stateless: false, then during an active session the login will be made on the basis of the data deserialized from the session storage`