API token used as user identifier in custom authenticator example

In the example for a custom authenticator, the API key is passed to the UserBadge as the user identifier. However, it cannot be assumed that the API key is the same as the user identifier. Doesn't the user identifier have to be determined from the API token and then passed to the UserBadge?

symfony-docs/security/authenticator_manager.rst

Lines 318 to 328 in 15084a8

    
                   public function authenticate(Request $request): Passport 
        
                   { 
        
                       $apiToken = $request->headers->get('X-AUTH-TOKEN'); 
        
                       if (null === $apiToken) { 
        
                           // The token header was empty, authentication fails with HTTP Status 
        
                           // Code 401 "Unauthorized" 
        
                           throw new CustomUserMessageAuthenticationException('No API token provided'); 
        
                       } 
        
                       return new SelfValidatingPassport(new UserBadge($apiToken)); 
        
                   }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	public function authenticate(Request $request): Passport
	{
	$apiToken = $request->headers->get('X-AUTH-TOKEN');
	if (null === $apiToken) {
	// The token header was empty, authentication fails with HTTP Status
	// Code 401 "Unauthorized"
	throw new CustomUserMessageAuthenticationException('No API token provided');
	}

	return new SelfValidatingPassport(new UserBadge($apiToken));
	}

Uh oh!

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions