Skip to content

[Cookbook][Custom Authentication Provider] add a note of warning for when forbidding anonymous users #3422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions cookbook/security/custom_authentication_provider.rst
Original file line number Diff line number Diff line change
@@ -182,6 +182,13 @@ a 403 Response is returned.
does not require maintaining authentication sessions or login forms, it
won't be used for this example.

.. note::

Returning prematurely from the listener is relevant only if you want to chain
authentication providers (for example to allow anonymous users). If you want
to forbid access to anonymous users and have a nice 403 error, you should set
the status code of the response before returning.

The Authentication Provider
---------------------------