public function handle(GetResponseEvent $event) { $request = $event->getRequest(); $oauthEvent = new OAuth2AuthenticationEvent($this->securityContext); if ($request->request->get("_username") !== null && $request->request->get("_password") !== null) { $token = new OAuthUserToken(); $token->setUser($request->request->get("_username")); $token->setPassword($request->request->get("_password")); try { $this->eventDispatcher->dispatch(PreAuthenticationEvents::OAUTH2_PRE_AUTHENTICATION, $oauthEvent); $authToken = $this->authenticationManager->authenticate($token); $authToken->setAuthenticated(true); $this->securityContext->setToken($authToken); $this->eventDispatcher->dispatch(PostAuthenticationSuccessEvents::OAUTH2_POST_AUTHENTICATION_SUCCESS, $oauthEvent); } catch (AuthenticationException $failed) { // To deny the authentication clear the token. // Make sure to only clear your token, not those of other authentication listeners. $token = $this->securityContext->getToken(); if ($token instanceof OAuthUserToken) { $this->securityContext->setToken(null); } $this->eventDispatcher->dispatch(PostAuthenticationFailureEvents::OAUTH2_POST_AUTHENTICATION_FAILURE, $oauthEvent); } } else { $token = $this->securityContext->getToken(); if ($token instanceof OAuthUserToken) { if (time() > $token->getExpireTime()) { try { $this->eventDispatcher->dispatch(PreRefreshEvents::OAUTH2_PRE_REFRESH, $oauthEvent); $newToken = $this->authenticationManager->refresh($token); $this->securityContext->setToken($newToken); $this->eventDispatcher->dispatch(PostRefreshSuccessEvents::OAUTH2_POST_REFRESH_SUCCESS, $oauthEvent); } catch (AuthenticationException $failed) { // To deny the authentication clear the token. // Make sure to only clear your token, not those of other authentication listeners. $token = $this->securityContext->getToken(); if ($token instanceof OAuthUserToken) { $this->securityContext->setToken(null); } $this->eventDispatcher->dispatch(PostRefreshFailureEvents::OAUTH2_POST_REFRESH_FAILURE, $oauthEvent); } } } } // elsewhere we do nothing return; }