No matter how you will authenticate (e.g. login form or API tokens) or where your . The user receives a specific set of roles when logging in (e.g. ROLE_ADMIN ). .. Sometimes authentication may be successful, but after redirecting, you're .