silex-oauth

Unable to set different pattern for the protected area

Open russellseymour opened this issue 8 years ago • 1 comments

Hello,

I am implementing OAuth on an area of my application. I am moving from Form based auth to OAuth.

I have been trying to set the pattern for the login to something other than ^/ but I keep getting an error message when I click on my Google button:

image

The firewall is set up as follows:

    $app['security.firewalls'] = [
      'login' => [
        'pattern' => '^/admin',
        'anonymous' => true,
        'oauth' => [
          'failure_path' => '/login',
          'with_csrf' => true
        ],
        'users' => $app -> share(function() use ($app) {
          return $app['model.account'];
        })
      ]
    ];

If I leave the pattern as `^/` then it works. Does this mean that it is only possible to use OAuth across the whole website?

Thanks, Russell

russellseymour, May 10 '16 14:05

@russellseymour: Be sure to include this in the additional paths, as they should be secured as well, for example:

    'default' => array(
        'pattern' => '^/admin',
        'anonymous' => false,
        'oauth' => array(
            'login_path' => '/admin/auth/{service}',
            'callback_path' => '/admin/auth/{service}/callback',
            'check_path' => '/admin/auth/{service}/check',
            'failure_path' => '/login',
            'with_csrf' => true
        )...

rpensek, Oct 09 '17 12:10
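
A check for the mismatch discussed in this thread, as an added example that is not part of the issue or of silex-oauth's own code: it expands each OAuth path and tests it against the firewall `pattern` the way a request path is matched. The default paths (`/auth/{service}` and so on), the function name `uncoveredOauthPaths` and the sample provider name `google` are assumptions.

```php
<?php
// Assumed defaults applied when the 'oauth' section omits a path option.
const ASSUMED_DEFAULT_PATHS = [
    'login_path'    => '/auth/{service}',
    'callback_path' => '/auth/{service}/callback',
    'check_path'    => '/auth/{service}/check',
];

// Return the OAuth path options whose URL the firewall pattern does not match.
function uncoveredOauthPaths(array $firewall, string $service = 'google'): array
{
    $oauth = $firewall['oauth'] ?? [];
    $uncovered = [];
    foreach (ASSUMED_DEFAULT_PATHS as $option => $default) {
        $path = str_replace('{service}', $service, $oauth[$option] ?? $default);
        // Firewall patterns are regexes tested against the decoded request path.
        if (!preg_match('{' . $firewall['pattern'] . '}', rawurldecode($path))) {
            $uncovered[$option] = $path;
        }
    }
    return $uncovered;
}

// Constructed sample input mirroring the two configurations in this thread.
$firewalls = [
    'login' => [   // question: pattern narrowed, OAuth paths left unset
        'pattern' => '^/admin',
        'oauth'   => ['failure_path' => '/login', 'with_csrf' => true],
    ],
    'default' => [ // reply: OAuth paths moved under the pattern
        'pattern' => '^/admin',
        'oauth'   => [
            'login_path'    => '/admin/auth/{service}',
            'callback_path' => '/admin/auth/{service}/callback',
            'check_path'    => '/admin/auth/{service}/check',
            'failure_path'  => '/login',
        ],
    ],
];

foreach ($firewalls as $name => $firewall) {
    $bad = uncoveredOauthPaths($firewall);
    echo $name, ': ', $bad ? 'outside pattern -> ' . implode(', ', $bad) : 'all OAuth paths covered', PHP_EOL;
}
```

Any path reported as outside the pattern is a request the firewall never sees, so its OAuth listener cannot handle the login, callback or check step for it.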