Jak zaimplementować logowanie?

Cześć,

mam problem z logowaniem. Panel jakby przepuszczał tylko prawidłowe poświadczenia, ponieważ przerzuca mnie na stronę główną apki, ale w toolbarze nie wskazuje na to abym zalogowany. W przypadku złych poświadczeń nie mam zwracanego błędu (choć powinien być) i pozostawia mnie na widoku logowania.

Symfony 6.3.4

LoginController:

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class LoginController extends AbstractController
{
    #[Route('/login', name: 'app_login')]
    public function index(AuthenticationUtils $authenticationUtils): Response
    {
        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();

        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('login/index.html.twig', [
            'last_username' => $lastUsername,
            'error'         => $error,
        ]);
    }

Formularz logowania:

{% extends 'base.html.twig' %}

{% block title %}Logowanie{% endblock %}

{% block body %}
    {% if error %}
        <h1>{{ error.messageKey|trans(error.messageData, 'security') }}</h1>
    {% endif %}

    <form action="{{ path('app_login') }}" method="post">
        <label for="username">Email:</label>
        <input type="text" id="username" name="_username" value="{{ last_username }}">
        <label for="password">Password:</label>
        <input type="password" id="password" name="_password">
        <button type="submit">login</button>
    </form>


{% endblock %}

Security.yaml

security:
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            logout:
                path: app_logout
            lazy: true
            provider: app_user_provider
            form_login:
                # "app_login" is the name of the route created previously
                login_path: app_login
                check_path: app_login
                enable_csrf: false