Clarification on stateful firewall, fixes #175

scheb · Feb 23, 2023 · 701cdc4 · 701cdc4
1 parent 6db73c6
commit 701cdc4
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/doc/api.rst b/doc/api.rst
@@ -7,10 +7,11 @@ but provides API endpoints instead.
 Prerequisites
 -------------
 
-To make two-factor authentication work in an API, your **API has to be stateful** (``stateless: false`` in the firewall
-configuration or not configured at all, as it's stateful per default). That means the API is starting a session which is
-passed by the client on every call. The session is necessary for two-factor authentication to store the state of the
-login - if the user has already completed two-factor authentication or not.
+To make two-factor authentication work in an API, the firewall that you're doing your authentication on
+**has to be stateful** (``stateless: false`` in the firewall configuration or not configured at all, as it's stateful
+per default). That means the API is starting a session which is passed by the client on every call. The session is
+necessary for two-factor authentication to store the state of the login - if the user has already completed two-factor
+authentication or not.
 
 If you use a custom authenticator (you may have followed Symfony's guide
 `Custom Authentication System with Guard (API Token Example) <https://symfony.com/doc/current/security/guard_authentication.html>`_),