Document access_control setting for the logout route

scheb · Apr 3, 2019 · 883b582 · 883b582
1 parent cb77cc5
commit 883b582
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/Resources/doc/installation.md b/Resources/doc/installation.md
@@ -57,8 +57,11 @@ security:
                 auth_form_path: 2fa_login    # The route name you have used in the routes.yaml
                 check_path: 2fa_login_check  # The route name you have used in the routes.yaml
 
-    # This ensures that the form can only be accessed when two-factor authentication is in progress
+    # The path patterns shown here have to be updated according to your routes, if you're going with something custom
     access_control:
+        # This makes the logout route available during two-factor authentication, allows the user to cancel
+        - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
+        # This ensures that the form can only be accessed when two-factor authentication is in progress
         - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
 ```