[Question]: How to document Symfony App Roles

[micter59]

Version

4.31

Question

Hello.
I'm using this bundle to generate the documentation of an API.
The API is made available through Symfony 6.4 controllers.
Authentication is made through a JW Token, and works correctly.
Even if the user of the API has a JWT, I'm checking his application roles, as not every API endpoints are available to all users.
So in Symfony's API Controller, I'm checking this with the @IsGranted('ROLE_XXX') attribute.
How could I made this appear in the documentation ?

Thanks.

Additional context

No response

[micter59]

For now, I use the #[OA\Response] to indicate this, but this is not very visible.
I looked for the Security annotation, but this seems not be usable with symfony app roles.
If you have an other idea to do this, don't hesitate to tell me.

[DjordyKoert]

Have a look at https://symfony.com/bundles/NelmioApiDocBundle/current/security.html

First define your securityScheme(s) in the bundle configuration.

Then use Nelmio's #[Security] attribute #[Security(name: "YourSchemeNameHere", scopes: ['ROLE_API'])]

[micter59]

Thanks for your answer. If I understand you well, there will be only 1 securityScheme to check the JWT token, and then the "scope" part of the #[Security] attribute will do the job for the documentation. Am I right ?