Closed
Description
In the example for a custom authenticator, the API key is passed to the UserBadge as the user identifier. However, it cannot be assumed that the API key is the same as the user identifier. Doesn't the user identifier have to be determined from the API token and then passed to the UserBadge?
symfony-docs/security/authenticator_manager.rst
Lines 318 to 328 in 15084a8

```php
public function authenticate(Request $request): Passport
{
    $apiToken = $request->headers->get('X-AUTH-TOKEN');
    if (null === $apiToken) {
        // The token header was empty, authentication fails with HTTP Status
        // Code 401 "Unauthorized"
        throw new CustomUserMessageAuthenticationException('No API token provided');
    }

    return new SelfValidatingPassport(new UserBadge($apiToken));
}
```