Possibly unclear sentence about "your API has to be stateful" in the API integration docs #175
Comments
It actually should say "your firewall has to be stateful". Thanks for pointing that out.
@danielrhodeswarp Hi, Daniel. Does your attached security config work well with LexikJWT?
Hello @zeromodule
@danielrhodeswarp do you use API Platform? I do, and I can't force it to send a session cookie on login.
So, I finally managed to solve it. The problem was that, in the API Platform distribution, sessions are explicitly disabled in the
Description
OK, this is obviously not a bug, but there's something that troubles the pedantic side of me in the doc page for API integration:
https://symfony.com/bundles/SchebTwoFactorBundle/5.x/api.html
It says "your API has to be stateful (`stateless: false`) in the firewall configuration".

This is correct, but - for me with my configuration - slightly unclear. I have both a 'login' firewall and the actual 'api' firewall. And my first factor way to sign in is using JWTs with Lexik bundle.

I only have to use `stateless: false` on my login firewall (see below) for Scheb 2FA to work.

When I first read "your API has to be stateful (`stateless: false`) in the firewall configuration" I imagined I had to put `stateless: false` on both firewalls.

Maybe I am being dopey! But I just wanted to point out something that confused me.

(I can indeed set `stateless: false` on the api firewall too, and it still works but it sends an unwanted cookie that I'd rather not send.)

Additional Context
SECURITY.YAML
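An added example, not the configuration attached to this issue and not taken from the bundle's docs: a two-firewall layout of the kind the description outlines, where only the `login` firewall is stateful for the 2FA step and the JWT-protected `api` firewall stays stateless. Only the firewalls section is shown; the paths and the `App\Security\*` handler services are assumptions.

```yaml
# Constructed example: firewall names follow the issue ('login', 'api');
# paths and App\Security\* handler services are hypothetical.
security:
    firewalls:
        # First factor + 2FA check. The partially authenticated state between
        # the two steps is kept in the session, so this firewall is stateful.
        login:
            pattern: ^/api/login
            stateless: false
            json_login:
                check_path: /api/login
                # Must not hand out a JWT while 2FA is still pending.
                success_handler: App\Security\LoginSuccessHandler
                failure_handler: App\Security\LoginFailureHandler
            two_factor:
                check_path: /api/login/2fa_check
                prepare_on_login: true
                prepare_on_access_denied: true
                post_only: true
                authentication_required_handler: App\Security\TwoFactorRequiredHandler
                # Issues the JWT once the second factor has been verified.
                success_handler: App\Security\TwoFactorSuccessHandler
                failure_handler: App\Security\TwoFactorFailureHandler

        # Everything else under /api is authenticated per request by the JWT.
        # stateless: true keeps authentication out of the session; the issue
        # reports that stateless: false here still works but sends an
        # unwanted cookie.
        api:
            pattern: ^/api
            stateless: true
            jwt: ~
```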