enable_authenticator_manager option placement in security.yaml

[sukhoy94]

Hi, I have recognized some unclear behavior of enable_authenticator_manager option in security.yaml.
If I have defined some custom authenticators for my firewall. enable_authenticator_manager: true cannot be declared before that firewall. If it is, my custom authenticator seems like not running. I think it should by mentioned in documentation.

enable_authenticator_manager: true
custom_firewall: 
            pattern: ^/customfirewall
            provider: jwt
            jwt:
                authenticator: app.custom_authenticator

Anyway for me it's totally unclear what does that option designed for. There is a link there in documentation (https://symfony.com/doc/current/security.html), but seems like it's provide to nowhere.

security:
    # https://symfony.com/doc/current/security/experimental_authenticators.html
    enable_authenticator_manager: true

[xabbuh]

After merging #15503 document references in the code block does not longer exist and redirects back to the main security article. I have opened #16135 to remove the link.

[xabbuh]

For the other part of your issue I have to admit that I do not fully understand what you mean. Can elaborate a bit on it?

[sukhoy94]

@xabbuh well, basically I would like to understand what does that option (enable_authenticator_manager: true) is responsible for. I mean I understand that it turns on some authenticator manager, but why and when it should be true or false?

[wouterj]

The Symfony security component has had a complete overhaul of internals during Symfony 5.x. Almost everything is the same, except from a few BC breaks.

In Symfony 5.x, both versions of the component live side-by-side. You use the enable_authenticator_manager to enable (true) the rewritten component. This way, you can update your code to work with the new system before Symfony 6. In Symfony 6, the old component will be removed and enable_authenticator_manager: true is the only valid configuration (and looking forward, in Symfony 7 this option will be removed).

You can find some more details about the breaking changes between the old and new system on the 5.2 version of this article: https://symfony.com/doc/5.2/security/experimental_authenticators.html

[sukhoy94]

@wouterj thank you for your reply. So basically if I'm doing things in the fresh app (with Symfony 5.*) I should keep that option enable_authenticator_manager as true. Okay, I'll figure out why some of my things not working when that option is enabled.
Anyway, thank you very much for answering. I think think this issue can be closed.