Fix access control suggestions #1991
Conversation
|
Good catch, but I think this should be now put in step 4 dedicated to connect functionality as well we should add it to the recipe for flex. |
|
I don't think that putting it in step 4 is correct since, as I said, this has been needed for me even without the connect functionality, since the redirect URLS have the |
|
Could you point out more details? What version did you use of the bundle, the config & the best routes from the bundle & "check" routes? I'm quite confused that you needed that route without connect functionality. |
|
If you use the recipe, the redirect routes have a So, when you suggest to add a button in the login page: https://github.com/symfony/recipes-contrib/blob/bb846a62aecce3622965ad34d979f5f783d65c05/hwi/oauth-bundle/2.0/config/routes/hwi_oauth_routing.yaml#L3 That generates a |
|
Thanks, make sense, I think I got you wrong at first. I will make PR to the recipes repository. |
I am trying to reconfigure an app during a Symfony 5.4 -> 6.4 upgrade. During this, I took the time to realign my use of this bundle to the standard and the recipe.
I'm not using the connect feature, and I was unable to make it work until I added the suggested line to my access control, because without that the redirect route (
/connect/{service}) is hidden behind the default rule (^/ roles: ROLE_USER) and hence triggering a loop that pushes me back to the login page.