For a Symfony 5 json API, I want to prevent already authenticated users (who have a JWT) from accessing endpoints which should only be accessible to anonymous users i.e. /login or /register.
It seems simple to configure the inverse of that but not to only allow anonymous users. Is this possible?
you can check which instance of your User is or which ROLES your user has.
edit: Link found https://symfony.com/doc/current/security.html#checking-to-see-if-a-user-is-logged-in-is-authenticated-fully
IS_ANONYMOUS: Only anonymous users are matched by this attribute.