# config/packages/security.yaml
security:
    providers:
        app_user_provider:
            entity:
                class: App\Entity\User
                property: keycloakId
        # used to reload user from session & other features (e.g. switch_user)

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            lazy: true
            provider: app_user_provider
            custom_authenticator: App\Security\KeycloakAuthenticator
            logout:
                path: /logout

    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }
        - { path: ^/login, roles: PUBLIC_ACCESS }
        - { path: ^/oauth/check/keycloak, roles: PUBLIC_ACCESS }
        - { path: ^/admin, roles: IS_AUTHENTICATED_FULLY }