In my application I have one package that contains the “application” frontend, with user authentication and an authenticationProvider defined like:
```yaml
Neos:
  Flow:
    security:
      authentication:
        authenticationStrategy: oneToken
        providers:
          'Vendor.Application:User':
            provider: 'PersistedUsernamePasswordProvider'
            token: 'Neos\Flow\Security\Authentication\Token\UsernamePassword'
            requestPatterns:
              'Vendor.Application:ApplicationControllers':
                pattern: 'ControllerObjectName'
                patternOptions:
                  controllerObjectNamePattern: 'Vendor\Application\Controller\.*'
            entryPoint: WebRedirect
            entryPointOptions:
              routeValues:
                '@package': 'Vendor.Application'
                '@controller': 'Login'
                '@action': 'login'
                '@format': 'html'
```
and a separate package that contains an “administration” with an administration provider configured in the same way, but with the provider name `'Vendor.Backoffice:User'`.

These two parts are separate systems, and if you authenticate in the backoffice, it doesn’t mean that you are authenticated as an application user, and the other way around as well.

But every time I authenticate to my Backoffice and then browse to the application, how does Flow differentiate?

How do I make sure that e.g. the viewhelper `IfAuthenticated` doesn’t end up returning a positive result in the `Application` content, when I’m only authenticated in the Backoffice?

Can anybody shed some light on this topic? It’s a missing “in-depth” thing in the security documentation that I would love to know more about.