@@ -146,9 +146,9 @@ on each request with their API token. Your job is to read this and find the asso
146146user (if any).
147147
148148To create a custom authentication system, just create a class and make it implement
149- :class: `Symfony\\ Component\\ Security\\ Guard\\ GuardAuthenticatorInterface `. Or, extend
149+ :class: `Symfony\\ Component\\ Security\\ Guard\\ AuthenticatorInterface `. Or, extend
150150the simpler :class: `Symfony\\ Component\\ Security\\ Guard\\ AbstractGuardAuthenticator `.
151- This requires you to implement seven methods::
151+ This requires you to implement several methods::
152152
153153 // src/AppBundle/Security/TokenAuthenticator.php
154154 namespace AppBundle\Security;
@@ -165,10 +165,19 @@ This requires you to implement seven methods::
165165 class TokenAuthenticator extends AbstractGuardAuthenticator
166166 {
167167 /**
168- * Called on every request. Return whatever credentials you want to
169- * be passed to getUser() . Returning null will cause this authenticator
168+ * Called on every request to decide if this authenticator should be
169+ * used for the request . Returning false will cause this authenticator
170170 * to be skipped.
171171 */
172+ public function supports(Request $request)
173+ {
174+ return true;
175+ }
176+
177+ /**
178+ * Called on every request. Return whatever credentials you want to
179+ * be passed to getUser().
180+ */
172181 public function getCredentials(Request $request)
173182 {
174183 if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
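Review bot: supports() at new lines 172-175 returns true unconditionally, so the example never shows the decision its docblock describes, and the missing-header test on X-AUTH-TOKEN still sits in getCredentials() just below. Since skipping is now documented as returning false from supports(), consider `return $request->headers->has('X-AUTH-TOKEN');` there, and let getCredentials() only read and return the token.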
@@ -240,6 +249,10 @@ This requires you to implement seven methods::
240249 }
241250 }
242251
252+ .. versionadded :: 3.4
253+ ``AuthenticatorInterface `` was introduced in Symfony 3.4. In previous Symfony
254+ versions, authenticators needed to implement ``GuardAuthenticatorInterface ``.
255+
243256Nice work! Each method is explained below: :ref: `The Guard Authenticator Methods<guard-auth-methods> `.
244257
245258Step 2) Configure the Authenticator
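Review bot: the versionadded note at new lines 252-254 says older versions needed GuardAuthenticatorInterface but not whether that interface still works or is deprecated in 3.4. Readers upgrading an existing authenticator need one sentence on the status of the old interface. The note also sits after the code listing, well below the paragraph that first names AuthenticatorInterface (new line 149); it would be easier to find next to that paragraph.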
@@ -352,19 +365,27 @@ The Guard Authenticator Methods
352365
353366Each authenticator needs the following methods:
354367
368+ **supports(Request $request) **
369+ This will be called on *every * request and your job is to decide if the
370+ authenticator should be used for this request (return ``true ``) or if it
371+ should be skipped (return ``false ``).
372+
373+ .. versionadded :: 3.4
374+ The ``supports() `` method was introduced in Symfony 3.4. In previous Symfony
375+ versions, the authenticator could be skipped returning ``null `` in the
376+ ``getCredentials() `` method.
377+
355378**getCredentials(Request $request) **
356379 This will be called on *every * request and your job is to read the token (or
357380 whatever your "authentication" information is) from the request and return it.
358- If you return ``null ``, the rest of the authentication process is skipped. Otherwise,
359- ``getUser() `` will be called and the return value is passed as the first argument.
381+ These credentials are later passed as the first argument ot ``getUser() ``.
360382
361383**getUser($credentials, UserProviderInterface $userProvider) **
362- If ``getCredentials() `` returns a non-null value, then this method is called
363- and its return value is passed here as the ``$credentials `` argument. Your job
364- is to return an object that implements ``UserInterface ``. If you do, then
365- ``checkCredentials() `` will be called. If you return ``null `` (or throw an
366- :ref: `AuthenticationException <guard-customize-error >`)
367- authentication will fail.
384+ The ``$credentials `` argument is the value returned by ``getCredentials() ``.
385+ Your job is to return an object that implements ``UserInterface ``. If you do,
386+ then ``checkCredentials() `` will be called. If you return ``null `` (or throw
387+ an :ref: `AuthenticationException <guard-customize-error >`) authentication
388+ will fail.
368389
369390**checkCredentials($credentials, UserInterface $user) **
370391 If ``getUser() `` returns a User object, this method is called. Your job is to
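Review bot: typo at new line 381, "first argument ot" should be "first argument to". In the same entry, the removed sentence said what returning null from getCredentials() does and the replacement is silent on it; since the supports() note above says null used to skip the authenticator, state here what a null return means from 3.4 on. At new line 375, "could be skipped returning" reads better as "could be skipped by returning".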
@@ -390,8 +411,7 @@ Each authenticator needs the following methods:
390411
391412**start(Request $request, AuthenticationException $authException = null) **
392413 This is called if the client accesses a URI/resource that requires authentication,
393- but no authentication details were sent (i.e. you returned ``null `` from
394- ``getCredentials() ``). Your job is to return a
414+ but no authentication details were sent. Your job is to return a
395415 :class: `Symfony\\ Component\\ HttpFoundation\\ Response ` object that helps
396416 the user authenticate (e.g. a 401 response that says "token is missing!").
397417
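Review bot: at new line 414 the parenthetical tying start() to returning null from getCredentials() is removed with nothing in its place, so "no authentication details were sent" no longer says which authenticator outcome leads here. If this is now the case where supports() returns false, say so in the same parenthetical form.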
@@ -400,9 +420,9 @@ Each authenticator needs the following methods:
400420 You will still need to active ``remember_me `` under your firewall for it to work.
401421 Since this is a stateless API, you do not want to support "remember me"
402422 functionality in this example.
403-
423+
404424**createAuthenticatedToken(UserInterface $user, string $providerKey) **
405- If you are implementing the :class: `Symfony\\ Component\\ Security\\ Guard\\ GuardAuthenticatorInterface `
425+ If you are implementing the :class: `Symfony\\ Component\\ Security\\ Guard\\ AuthenticatorInterface `
406426 instead of extending the :class: `Symfony\\ Component\\ Security\\ Guard\\ AbstractGuardAuthenticator `
407427 class, you have to implement this method. It will be called
408428 after a successful authentication to create and return the token
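Review bot: the change at 403/423 replaces a blank line with another blank line, so it differs only in whitespace and is unrelated to the interface rename; drop it from the patch. While this block is being touched, the context line "You will still need to active ``remember_me``" should read "activate".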
@@ -502,11 +522,11 @@ and add the following logic::
502522 public function getCredentials(Request $request)
503523 {
504524 $csrfToken = $request->request->get('_csrf_token');
505-
525+
506526 if (false === $this->csrfTokenManager->isTokenValid(new CsrfToken('authenticate', $csrfToken))) {
507527 throw new InvalidCsrfTokenException('Invalid CSRF token.');
508528 }
509-
529+
510530 // ... all your normal logic
511531 }
512532