gnu-social/config/packages/security.yaml

security:
    enable_authenticator_manager: true
    password_hashers:
        App\Entity\LocalUser:
            algorithm: auto
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        local_user:
            chain:
                providers: [local_user_by_nickname, local_user_by_email]
        local_user_by_nickname:
            entity:
                class: 'App\Entity\LocalUser'
                property: 'nickname'
        local_user_by_email:
            entity:
                class: 'App\Entity\LocalUser'
                property: 'outgoing_email'
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        oauth:
            pattern: ^/oauth
            security: false
        main:
            entry_point: App\Security\Authenticator
            guard:
              authenticators:
                - App\Security\Authenticator
            provider: local_user
            form_login:
                login_path: security_login
                check_path: security_login
                enable_csrf: true
            logout:
                path: security_logout
                # where to redirect after logout
                target: root

            remember_me:
                secret: '%kernel.secret%'
                secure: true
                httponly: '%remember_me_httponly%'
                samesite: '%remember_me_samesite%'
                token_provider: 'Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider'

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#firewalls-authentication

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/admin, roles: ROLE_OPERATOR }
        - { path: ^/settings, roles: ROLE_VISITOR }