CodexBloom - Programming Q&A Platform

Symfony 6: How to properly configure multiple JWT providers for different user roles?

👀 Views: 141 💬 Answers: 1 📅 Created: 2025-08-07
Tags: symfony, jwt, security, yaml

I'm working on a Symfony 6 project where I need to implement JWT authentication for different user roles. I want to have separate JWT providers for 'admin' and 'user' roles, using the LexikJWTAuthenticationBundle. However, I'm running into issues where the JWT generated for one role seems to be valid for the other, which shouldn't be the case. Here's what I've tried so far:

1. I've defined two different security firewalls in `security.yaml`:

```yaml
security:
    firewalls:
        admin:
            pattern: ^/admin
            stateless: true
            jwt:
                provider: admin_user_provider
        user:
            pattern: ^/user
            stateless: true
            jwt:
                provider: regular_user_provider
```

2. I created two different user providers in the same `security.yaml`:

```yaml
providers:
    admin_user_provider:
        entity:
            class: App\Entity\Admin
            property: email
    regular_user_provider:
        entity:
            class: App\Entity\User
            property: email
```

3. In my JWT encoding parameters, I'm trying to set unique claims for each role:

```yaml
lexik_jwt_authentication:
    secret_key: '%env(JWT_SECRET_KEY)%'
    public_key: '%env(JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
    token_ttl: 3600
```

However, when I generate the JWT for an admin and then try to use that token as a regular user, the request still goes through without any issues. The tokens don't seem to enforce the role restrictions as I expected. I've checked the claims in the JWT and they do contain the correct role information. Yet, the Symfony security component does not seem to be validating it correctly based on the firewalls.

Am I missing something in the configuration or is there a specific way to handle role-based JWTs in Symfony that I'm not aware of? Any help would be appreciated! My development environment is Windows. Thanks in advance! This is part of a larger service I'm building. What's the best practice here?
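One defensive way to make a token usable only on the firewall it was issued for, as an added example that is not part of the question or of the bundle's own code: an event subscriber that stamps a `firewall` claim at issue time and rejects the token at verification time when the claim does not match the firewall the request hit. It uses LexikJWTAuthenticationBundle's `JWT_CREATED` and `JWT_DECODED` events; the `^/admin` and `^/user` prefixes and the `App\Entity\Admin` / `App\Entity\User` classes come from the question, while the subscriber name and the claim name are this example's own choices.

```php
<?php
// Added example, not from the question: pins each token to the firewall it
// was issued for. Assumes the App\Entity\Admin / App\Entity\User classes from
// the question; the class name and the "firewall" claim are my own choices.
namespace App\EventSubscriber;

use App\Entity\Admin;
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTDecodedEvent;
use Lexik\Bundle\JWTAuthenticationBundle\Events;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RequestStack;

final class JwtFirewallClaimSubscriber implements EventSubscriberInterface
{
    public function __construct(private readonly RequestStack $requestStack) {}

    public static function getSubscribedEvents(): array
    {
        return [
            Events::JWT_CREATED => 'onJwtCreated',
            Events::JWT_DECODED => 'onJwtDecoded',
        ];
    }

    // Issue time: admin_user_provider loads App\Entity\Admin and
    // regular_user_provider loads App\Entity\User, so the class decides.
    public function onJwtCreated(JWTCreatedEvent $event): void
    {
        $data = $event->getData();
        $data['firewall'] = $event->getUser() instanceof Admin ? 'admin' : 'user';
        $event->setData($data);
    }

    // Verification time: the firewall is chosen by path (^/admin vs ^/user);
    // a token carrying the other firewall's claim is rejected before user load.
    public function onJwtDecoded(JWTDecodedEvent $event): void
    {
        $request = $this->requestStack->getCurrentRequest();
        if ($request === null) {
            return; // no HTTP request (e.g. console command): nothing to check
        }
        $path = $request->getPathInfo();
        $expected = str_starts_with($path, '/admin') ? 'admin'
                  : (str_starts_with($path, '/user') ? 'user' : null);
        if ($expected !== null && ($event->getPayload()['firewall'] ?? null) !== $expected) {
            $event->markAsInvalid(); // the authenticator then answers 401
        }
    }
}
```

With Symfony's default autoconfiguration the subscriber is registered as soon as the class exists; `access_control` entries still decide which roles each path requires, so keep those alongside this check.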