I have an HTTP API using Symfony 3. I am using GuardAuthenticator, so that we can call the API, using a login and password, with stateless (security attribute) set to false.

Today I add another way of authenticate, by using jwt from an external IDP. In this case, I would like to have statless set to true (the user will have to provide the jwt at every call).

Do you have any ideas please ? :)

    api:
        pattern: ^/api/
        stateless: false
        guard:
            authenticators:
                - api.security.guard_authenticator
        switch_user: true
        anonymous: ~

1 Answers

0
Alannn On

in my API I have a Basic Auth + Token system. To do so, in the pre_auth I had a check for the BasicAuth.

I Guess if you passing the stateless to true, you'll have to implements something similar.