Restricting routes by scope example

[slawekadamek]

Hello
I have a problem with Restricting routes by scope described in:
https://github.com/trikoder/oauth2-bundle/blob/v3.x/docs/basic-setup.md#restricting-routes-by-scope
there is an example which doesn't work for me:

oauth2_restricted:
path: /api/restricted
controller: 'App\Controller\FooController::barAction'
defaults:
oauth2_scopes: ['foo', 'bar']

Where - in which file should it be defined ?
in 'security.yaml' or 'trikoder_oauth2.yaml' or some other - in which section ?

Thank you :)

[maciekstary]

Yeah, trikoder could have done better with docs...
You should set it in your controller. If you use annotations in symfony it would be something like this:

/**
 * @Route("/api/restricted", defaults={"oauth2_scopes"={"foo","bar"}})
 */
public function barAction(Request $request) 
{...