wip

config/packages/knpu_oauth2_client.yaml

@@ -2,8 +2,7 @@ knpu_oauth2_client:
     clients:
         auth:
             type: generic
-            provider_class: App\Service\Security\Provider
-
+            provider_class: App\Security\UserProvider
             client_id: '%env(AUTHENTIK_CLIENT_ID)%'
             client_secret: '%env(AUTHENTIK_CLIENT_SECRET)%'
             redirect_route: auth_callback

config/packages/security.yaml

@@ -4,10 +4,10 @@ security:
         Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
     # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
     providers:
+        # used to reload user from session & other features (e.g. switch_user)
         app_user_provider:
-            entity:
-                class: App\Entity\User
-                property: email
+            id: App\Security\UserProvider
+
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
@@ -17,6 +17,8 @@ security:
             provider: app_user_provider
             custom_authenticators:
                 - App\Security\Authenticator
+            form_login:
+                login_path: auth_entrypoint
 
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
@@ -29,6 +31,7 @@ security:
     access_control:
         # - { path: ^/admin, roles: ROLE_ADMIN }
         # - { path: ^/profile, roles: ROLE_USER }
+        - { path: ^/auth, roles: PUBLIC_ACCESS }
         - { path: /, roles: ROLE_USER }
 
 when@test: