Not configuring explicitly the provider for the "guard" listener on "x" firewall is ambiguous as there is more than one registered provider

Question

I need help to solve an error when I try to execute two different user login paths. I want to know how to use two providers to authenticate two types of users (admin/Merch).

My error looks like this in Symfony when I use two providers in security.yaml:

Not configuring explicitly the provider for the "guard" listener on "api" firewall is ambiguous as there is more than one registered provider.

Note: I'm using JWT authentication.

My file security.yaml:

security:
  encoders:
    App\Entity\User:
      algorithm: argon2i
    App\Entity\Merch:
      algorithm: argon2i
providers:
  users_provider:
    name: users_provider
    entity:
      class: App\Entity\User
      property: username   
  merchs_provider:
    name: merchs_provider
    entity:
      class: App\Entity\Merch
      property: codeMerch
firewalls:
  dev:
    pattern: ^/(_(profiler|wdt)|css|images|js)/
    security: false
  login_users:
    pattern:  ^/api/user/login
    stateless: true
    anonymous: true
    provider: users_provider
    context: my_context
    json_login:
      check_path: /api/user/login_check_user
      success_handler: lexik_jwt_authentication.handler.authentication_success
      failure_handler:          lexik_jwt_authentication.handler.authentication_failure
    login_merch:
      pattern:  ^/api/merch/login
      stateless: true
      anonymous: true
      provider: merchs_provider
      context: my_context
      json_login:
        check_path: /api/merch/login_check_merch
        success_handler: lexik_jwt_authentication.handler.authentication_success
        failure_handler: lexik_jwt_authentication.handler.authentication_failure
    refresh:
      pattern:  ^/api/token/refresh
      stateless: true
      anonymous: true
    api:
      pattern:   ^/api
      stateless: true
      guard:
        authenticators:
        - lexik_jwt_authentication.jwt_token_authenticator
    main:
      anonymous: true
access_control:
  - { path: ^/admin, roles: ROLE_ADMIN }
  - { path: ^/validator, roles: ROLE_VALIDATOR }
  - { path: ^/api/user/login, roles: ROLE_ADMIN }
  - { path: ^/api/merch/login, roles: ROLE_MERCH }
  - { path: ^/api/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

Answer 1

You have 2 user-providers:

• users_provider
• merchs_provider

Your firewall configuration for the api firewall lacks the configuration which one you want to use for this firewall.

You need to explicitly configure a provider to the api firewall to get rid of the warning:

firewalls:
  # [..]
  api:
    pattern:   '^/api'
    stateless: true
    provider: 'users_provider'
    guard:
      authenticators:
        - 'lexik_jwt_authentication.jwt_token_authenticator'

Use a chain provider to allow combined access for users and merchants to the API.

providers:
  # [..]
  chain_provider:
    chain:
      providers: ['users_provider', 'merchs_provider']