Skip to content

Commit

Permalink
Document the requirement for logged-in user
Browse files Browse the repository at this point in the history
  • Loading branch information
ajgarlag committed Oct 15, 2024
1 parent 44272ff commit 97a1c04
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions docs/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -137,10 +137,13 @@ security:
type: php
```

## Post-installation

You can verify that everything is working by issuing a `POST` request to the `/token` endpoint.

**❮ NOTE ❯** It is recommended to control the access to the authorization endpoint
so that only logged in users can approve authorization requests.
It is required to control access to the authorization endpoint
so that only logged-in users can approve authorization requests.

You should review your `config/security.yaml` file. Here is a sample configuration:

```yaml
Expand All @@ -149,6 +152,9 @@ security:
- { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }
```
> [!IMPORTANT]
> The requirement for a logged-in user to approve authorization requests was introduced in version 0.9.0. In previous versions, it was only a recommendation.
## Configuration
* [Basic setup](basic-setup.md)
Expand Down

0 comments on commit 97a1c04

Please sign in to comment.