API token used as user identifier in custom authenticator example · Issue #15886 · symfony/symfony-docs · GitHub
Closed
@ihmels

Description

In the example for a custom authenticator, the API key is passed to the UserBadge as the user identifier. However, it cannot be assumed that the API key is the same as the user identifier. Doesn't the user identifier have to be determined from the API token and then passed to the UserBadge?

```php
public function authenticate(Request $request): Passport
{
    $apiToken = $request->headers->get('X-AUTH-TOKEN');
    if (null === $apiToken) {
        // The token header was empty, authentication fails with HTTP Status
        // Code 401 "Unauthorized"
        throw new CustomUserMessageAuthenticationException('No API token provided');
    }

    return new SelfValidatingPassport(new UserBadge($apiToken));
}
```


Labels: Security, hasPR (A Pull Request has already been submitted for this issue.)

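One way to write the authenticator so that the token is resolved to a user identifier before the `UserBadge` is built, as an added example that is not part of the original issue or of the Symfony documentation. It assumes PHP 8; `ApiTokenStore`, `findUserIdentifierByToken()` and the class name `ApiTokenAuthenticator` are hypothetical names for your own token lookup.

```php
<?php
namespace App\Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;

// Hypothetical lookup service: maps an API token to the owning user's identifier.
interface ApiTokenStore { public function findUserIdentifierByToken(string $apiToken): ?string; }

final class ApiTokenAuthenticator extends AbstractAuthenticator
{
    public function __construct(private ApiTokenStore $tokens) {}

    public function supports(Request $request): ?bool
    {
        return $request->headers->has('X-AUTH-TOKEN');
    }

    public function authenticate(Request $request): Passport
    {
        $apiToken = $request->headers->get('X-AUTH-TOKEN');
        if (null === $apiToken || '' === $apiToken) {
            throw new CustomUserMessageAuthenticationException('No API token provided');
        }
        // Resolve the credential to a user identifier; unknown tokens fail here.
        $userIdentifier = $this->tokens->findUserIdentifierByToken($apiToken);
        if (null === $userIdentifier) {
            throw new CustomUserMessageAuthenticationException('Invalid API token');
        }
        // The badge carries the identifier, not the raw token.
        return new SelfValidatingPassport(new UserBadge($userIdentifier));
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        return null; // let the request continue to the controller
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        return new JsonResponse(['message' => $exception->getMessageKey()], Response::HTTP_UNAUTHORIZED);
    }
}
```

The string given to `UserBadge` is what the configured user provider receives as the user identifier, so passing the resolved identifier keeps the secret token out of that lookup.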