FriendsOfSymfony / FOSOAuthServerBundle

A server side OAuth2 Bundle for Symfony

Securing my API with "fos_oauth: true" #521

Open novacp opened 6 years ago

novacp commented 6 years ago

I've read the RFC for oauth2 and I think that I understand it well, so the firewalls within security.yml make sense (oauth_authorize and oauth_token). What I don't understand yet and couldn't find any docs about is securing the "api firewall", e.g. by using a JWT:

```yaml
api:
    pattern:    ^/api/
    fos_oauth:  true
    stateless:  true
```

So when I just used JWT, I had like the following within my api firewall:

```yaml
api:
    pattern:   ^/api
    stateless: true
    provider:  a0
    simple_preauth:
        authenticator: jwt_auth.jwt_authenticator
```

Is this the counterpart to `fos_oauth: true`? What exactly is this line doing: is it referencing a guard authenticator that validates the token? In addition, where is the private key stored that is needed to create the JWT, and the public one needed to validate it?

I've found the "OAuthProvider" mechanisms, using Events/Listeners... OK, that might be what gets called when I configure `fos_oauth: true` within security.yml. I still don't understand it fully, and in addition I have no idea how to implement JWT. If there is no support for JWT at the moment, how would I validate the token given by the client in my resource servers, which are different applications than the authorization server?

Best regards

pura commented 6 years ago

+1 same question.

dinamic commented 6 years ago

Adding fos_oauth: true to the configuration enables the security factory, so the bundle is able to register an independent security mechanism. More on custom authentication providers: here.

JWT uses different means to register as a security mechanism, thus the syntax difference.

I haven't used JWT so far, so I am afraid I wouldn't be of much help configuring it.
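The part of novacp's question that the thread leaves open is how a resource server that is a separate application from the authorization server can validate a client's JWT. The following is an added, self-contained example and is not code from FOSOAuthServerBundle or from anyone in this thread: it uses only PHP's ext-openssl to mint an RS256 token on the "authorization server" side with the private key and to verify it on the "resource server" side with nothing but the public key. The issuer and audience URLs, the claim values and the in-process key pair are all assumptions constructed for the demo; in a real deployment the private key never leaves the authorization server and each resource server is given only the corresponding public key.

```php
<?php
// Added example, not FOSOAuthServerBundle code. RS256 JWT mint/verify with ext-openssl only.
declare(strict_types=1);

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $str): string
{
    $pad = strlen($str) % 4;
    if ($pad !== 0) { $str .= str_repeat('=', 4 - $pad); }
    $out = base64_decode(strtr($str, '-_', '+/'), true); // strict: reject stray chars
    if ($out === false) { throw new UnexpectedValueException('bad base64url'); }
    return $out;
}

// Authorization server side: sign the claims with the private key.
function mint_jwt(array $claims, string $privateKeyPem): string
{
    $header  = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode($claims));
    $key = openssl_pkey_get_private($privateKeyPem);
    if ($key === false) { throw new RuntimeException('invalid private key'); }
    $sig = '';
    if (!openssl_sign("$header.$payload", $sig, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return "$header.$payload." . b64url_encode($sig);
}

// Resource server side: verify with the public key only. Returns the claims or throws.
function verify_jwt(string $jwt, string $publicKeyPem, string $iss, string $aud, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new UnexpectedValueException('malformed token'); }
    [$h, $p, $s] = $parts;

    // Pin the algorithm instead of trusting the token's alg to pick the verifier;
    // this rejects "none" and blocks HS256/RS256 key-confusion attacks.
    $header = json_decode(b64url_decode($h), true, 512, JSON_THROW_ON_ERROR);
    if (($header['alg'] ?? null) !== 'RS256') { throw new UnexpectedValueException('unexpected alg'); }

    $key = openssl_pkey_get_public($publicKeyPem);
    if ($key === false) { throw new RuntimeException('invalid public key'); }
    if (openssl_verify("$h.$p", b64url_decode($s), $key, OPENSSL_ALGO_SHA256) !== 1) {
        throw new UnexpectedValueException('bad signature');
    }

    // Only after the signature holds do the claims mean anything.
    $claims = json_decode(b64url_decode($p), true, 512, JSON_THROW_ON_ERROR);
    if (!isset($claims['exp']) || $now >= (int) $claims['exp']) { throw new UnexpectedValueException('expired'); }
    if (isset($claims['nbf']) && $now < (int) $claims['nbf']) { throw new UnexpectedValueException('not yet valid'); }
    if (($claims['iss'] ?? null) !== $iss) { throw new UnexpectedValueException('wrong issuer'); }
    if (!in_array($aud, (array) ($claims['aud'] ?? []), true)) { throw new UnexpectedValueException('wrong audience'); }
    return $claims;
}

// Demo key pair, generated in-process for the example only (assumption: the real
// private key lives on the authorization server, resource servers hold the public PEM).
$res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($res, $privatePem);
$publicPem = openssl_pkey_get_details($res)['key'];

$issuer   = 'https://auth.example.test'; // assumed authorization server
$audience = 'https://api.example.test';  // assumed resource server
$now      = time();

$token = mint_jwt([
    'iss' => $issuer, 'aud' => $audience, 'sub' => 'user-42', 'scope' => 'read',
    'iat' => $now, 'exp' => $now + 600,
], $privatePem);

$claims = verify_jwt($token, $publicPem, $issuer, $audience, $now);
echo "verified subject {$claims['sub']} with scope {$claims['scope']}\n";

// A client that edits its own claims keeps the old signature, so verification must fail.
[$h, $p, $s] = explode('.', $token);
$forged = json_decode(b64url_decode($p), true);
$forged['scope'] = 'admin';
try {
    verify_jwt("$h." . b64url_encode(json_encode($forged)) . ".$s", $publicPem, $issuer, $audience, $now);
    echo "BUG: forged token accepted\n";
} catch (UnexpectedValueException $e) {
    echo "forged token rejected: {$e->getMessage()}\n";
}
```

Run it with `php jwt_demo.php`. The order inside `verify_jwt` is deliberate: algorithm pinning first, signature second, and the claim checks (`exp`, `nbf`, `iss`, `aud`) only once the signature is known to be good, since a resource server that reads claims from an unverified payload is trusting the client. Wiring this into the `api` firewall from the question is a Symfony authenticator concern that this snippet does not cover; the point here is what the authenticator has to check.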