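# Symfony SecurityBundle configuration: user provider, firewalls, access rules
# and the per-environment access-token (OIDC) handlers.
security:
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        # Users are loaded through an application-defined provider service.
        app_user_provider:
            id: 'App\Security\Core\UserProvider'

    firewalls:
        # Security is disabled for the profiler, the debug toolbar and static assets.
        # NOTE(review): this firewall is declared for every environment, not only
        # dev; confirm the profiler routes are not registered in prod.
        dev:
            pattern: '^/(_(profiler|wdt)|css|images|js)/'
            security: false
        main:
            lazy: true
            provider: app_user_provider
            # Authentication is not kept in a session; every request must carry
            # its own access token.
            stateless: true

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    # Only paths starting with /profile are restricted here; every other path
    # is left open by this list.
    # NOTE(review): presumably authorization for the remaining routes is
    # enforced elsewhere (controllers, voters, resource attributes) - confirm.
    access_control:
        - { path: '^/profile', roles: IS_AUTHENTICATED_FULLY }

# prod: access tokens are handed to an application-defined handler service.
# NOTE(review): the handler class is not part of this file; signature, issuer,
# audience and expiry checks all depend on it - review it with this config.
when@prod: &prod
    security:
        firewalls:
            main:
                access_token:
                    token_handler: 'App\Security\Http\AccessToken\Oidc\OidcDiscoveryTokenHandler'
                    # todo support Discovery in Symfony
                    # oidc:
                    #     claim: 'email'
                    #     base_uri: '%env(OIDC_SERVER_URL)%'
                    #     audience: '%env(OIDC_AUD)%'
                    #     cache: '@cache.app' # default
                    #     cache_ttl: 600 # default

# dev reuses the prod mapping through the YAML alias, so any change made under
# when@prod applies to dev as well.
when@dev: *prod

# test: the built-in oidc handler checks tokens against a key set taken from
# the environment, with audience, issuer and signing algorithm pinned.
when@test:
    security:
        firewalls:
            main:
                access_token:
                    token_handler:
                        oidc:
                            claim: 'email'
                            audience: '%env(OIDC_AUD)%'
                            issuers: ['%env(OIDC_SERVER_URL)%']
                            # NOTE(review): newer Symfony releases take a list
                            # under `algorithms`; confirm against the installed
                            # version before changing this key.
                            algorithm: 'ES256'
                            # OIDC_JWK is interpolated unescaped into this JSON
                            # string, so it must be one well-formed JWK object.
                            # NOTE(review): it should be a key generated for
                            # tests only and never shared with prod - confirm.
                            keyset: '{"keys":[%env(OIDC_JWK)%]}'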