AuthenticatorInterface

interface AuthenticatorInterface implements AuthenticationEntryPointInterface

The interface for all "guard" authenticators.

The methods on this interface are called throughout the guard authentication process to give you the power to control most parts of the process from one location.

Methods

Response start(Request $request, AuthenticationException $authException = null)

Returns a response that directs the user to authenticate.

from AuthenticationEntryPointInterface
bool supports(Request $request)

Does the authenticator support the given Request?

mixed getCredentials(Request $request)

Get the authentication credentials from the request and return them as any type (e.g. an associate array).

UserInterface|null getUser(mixed $credentials, UserProviderInterface $userProvider)

Return a UserInterface object based on the credentials.

bool checkCredentials(mixed $credentials, UserInterface $user)

Returns true if the credentials are valid.

GuardTokenInterface createAuthenticatedToken(UserInterface $user, string $providerKey)

Create an authenticated token for the given user.

Response|null onAuthenticationFailure(Request $request, AuthenticationException $exception)

Called when authentication executed, but failed (e.g. wrong username password).

Response|null onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)

Called when authentication executed and was successful!

bool supportsRememberMe()

Does this method support remember me cookies?

Details

Response start(Request $request, AuthenticationException $authException = null)

Returns a response that directs the user to authenticate.

This is called when an anonymous request accesses a resource that requires authentication. The job of this method is to return some response that "helps" the user start into the authentication process.

Examples: A) For a form login, you might redirect to the login page return new RedirectResponse('/login'); B) For an API token authentication system, you return a 401 response return new Response('Auth header required', 401);

Parameters

Request $request The request that resulted in an AuthenticationException
AuthenticationException $authException The exception that started the authentication process

Return Value

Response

bool supports(Request $request)

Does the authenticator support the given Request?

If this returns false, the authenticator will be skipped.

Parameters

Request $request

Return Value

bool

mixed getCredentials(Request $request)

Get the authentication credentials from the request and return them as any type (e.g. an associate array).

Whatever value you return here will be passed to getUser() and checkCredentials()

For example, for a form login, you might:

 return array(
     'username' => $request->request->get('_username'),
     'password' => $request->request->get('_password'),
 );

Or for an API token that's on a header, you might use:

 return array('api_key' => $request->headers->get('X-API-TOKEN'));

Parameters

Request $request

Return Value

mixed Any non-null value

Exceptions

UnexpectedValueException If null is returned

UserInterface|null getUser(mixed $credentials, UserProviderInterface $userProvider)

Return a UserInterface object based on the credentials.

The credentials are the return value from getCredentials()

You may throw an AuthenticationException if you wish. If you return null, then a UsernameNotFoundException is thrown for you.

Parameters

mixed $credentials
UserProviderInterface $userProvider

Return Value

UserInterface|null

Exceptions

AuthenticationException

bool checkCredentials(mixed $credentials, UserInterface $user)

Returns true if the credentials are valid.

If any value other than true is returned, authentication will fail. You may also throw an AuthenticationException if you wish to cause authentication to fail.

The credentials are the return value from getCredentials()

Parameters

mixed $credentials
UserInterface $user

Return Value

bool

Exceptions

AuthenticationException

GuardTokenInterface createAuthenticatedToken(UserInterface $user, string $providerKey)

Create an authenticated token for the given user.

If you don't care about which token class is used or don't really understand what a "token" is, you can skip this method by extending the AbstractGuardAuthenticator class from your authenticator.

Parameters

UserInterface $user
string $providerKey The provider (i.e. firewall) key

Return Value

GuardTokenInterface

See also

AbstractGuardAuthenticator

Response|null onAuthenticationFailure(Request $request, AuthenticationException $exception)

Called when authentication executed, but failed (e.g. wrong username password).

This should return the Response sent back to the user, like a RedirectResponse to the login page or a 403 response.

If you return null, the request will continue, but the user will not be authenticated. This is probably not what you want to do.

Parameters

Request $request
AuthenticationException $exception

Return Value

Response|null

Response|null onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)

Called when authentication executed and was successful!

This should return the Response sent back to the user, like a RedirectResponse to the last page they visited.

If you return null, the current request will continue, and the user will be authenticated. This makes sense, for example, with an API.

Parameters

Request $request
TokenInterface $token
string $providerKey The provider (i.e. firewall) key

Return Value

Response|null

bool supportsRememberMe()

Does this method support remember me cookies?

Remember me cookie will be set if all of the following are met: A) This method returns true B) The rememberme key under your firewall is configured C) The "remember me" functionality is activated. This is usually done by having a _rememberme checkbox in your form, but can be configured by the "alwaysrememberme" and "remembermeparameter" parameters under the "remember_me" firewall key D) The onAuthenticationSuccess method returns a Response object

Return Value

bool

© 2004–2017 Fabien Potencier
Licensed under the MIT License.
http://api.symfony.com/4.0/Symfony/Component/Security/Guard/AuthenticatorInterface.html