Maybe I chose an over-complicated implementation (over here) and got a rather unusual use case (is it even?) - a login form that is displayed by an ordinary controller and a login action that expects the login attempt data as JSON.

Before manually defining anentry_point, I just kept getting anAccessDeniedException along with the messageFull authentication is required to access this resource - which wasn't very helpful - whenever I visited an existing URL without being logged in.

It took me a long time until I finally found out that I have to define anentry_point and that this setting even exists because there is no mention of it on the Security docsentry point (!) athttps://symfony.com/doc/current/security.html.

Not sure what could be done here, just thought maybe we can save other poor souls from getting lost like this as well.