I am implementing a symfony (3.3) custom guard authenticator to authenticate a user against OKTA and it's working fine without any issues.
However, I'd like to authenticate an admin user against the credentials stored in the database.
Basically, if any user hits /api/login endpoint it should authenticate against OKTA, except for one admin user who should be authenticated against the password stored in the database. How can I achieve this pls?
Here is my security.yml
security:
providers:
db_user_provider:
entity:
class: MyApiBundle:ApiUser
property: username
okta_user_provider:
id: okta_user_provider
my_chain_provider:
chain:
providers:
- db_user_provider
- okta_user_provider
firewalls:
login:
pattern: ^/api/login
anonymous: true
stateless: true
provider: my_chain_provider
guard:
authenticators:
- authenticator_guard_okta
Many thanks
I solved this issue in my custom LoginFormAuthenticator
i.e in
public function getUser($credentials, UserProviderInterface $userProvider)A) check if the $credentials['username'] exist in db. If yes, find the user entity from db and return the user
B) check if the $credentials['username'] exist in okta. If yes, load the user from okta and return the user
public function checkCredentials($credentials, UserInterface $user)A) check if the user is an instance of db user entity. If yes, validate the password and return the user
B) check if the user is an instance of okta user. If yes, validate against okta and return okta user