Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[SecurityBundle] Set translator in AccessTokenAuthenticator in Security bundle config#54734
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
smnandre commentedApr 25, 2024
It has been removed as a fix:#50819 |
in translated string
dwgebler commentedApr 25, 2024
I have amended this branch to an alternative solution; we try to translate, but revert the translation if the result contains any non-ASCII characters. I don't think the linked fix is the right one, really - it's just making it impossible to do any translation here at all, even if the result would be valid and RFC compliant. |
src/Symfony/Component/Security/Http/Tests/Authenticator/AccessTokenAuthenticatorTest.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/Tests/Authenticator/AccessTokenAuthenticatorTest.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/Authenticator/AccessTokenAuthenticator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/Authenticator/AccessTokenAuthenticator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/Authenticator/AccessTokenAuthenticator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
wouterj commentedJun 9, 2024 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
What is the use-case for translating this message if - according to the RFC 6750 - it must not be displayed to the end user? Also, this means we'll have deprecated translation strings in the repository (like Spanish as mentioned in#50811). I'm not sure how we are supposed to fix this, given you probably have to use non-ANCII characters in those languages. I'm still leaning towards not using the translator here for these arguments. |
dwgebler commentedJun 10, 2024
"Not displayed to users" isn't quite the same thing as "never seen by a human"; easy to imagine the reasons for authentication failures supplied in headers may end up in logs and as such the information may aid with various inquiry and analysis. It's also not necessarily the case that every system respects the RFC, as not every access token system is OAuth2 compliant, so we don't know this message won't be displayed.
I would argue that allowingsome translation, even if limited to ASCII characters, is useful. The case for translation may not necessarily be to another language, but e.g. alternative or simplified English for example. |
fabpot commentedMar 29, 2025
Closing as explained by the other core team members. |
The
AccessTokenAuthenticatordoesn't get configured with thetranslatorservice. This appears to be a bug, as this class'ssetTranslatoris unused and the translator can't be injected anywhere else.