/** * Attempts to authenticate a TokenInterface object. * * @param TokenInterface $token The TokenInterface instance to authenticate * * @return TokenInterface An authenticated TokenInterface instance, never null * * @throws AuthenticationException if the authentication fails */ public function authenticate(TokenInterface $token) { if (!$token instanceof HawkToken) { throw new \InvalidArgumentException('Provided token is not HawkToken'); } try { $user = $this->userProvider->loadUserByUsername($token->getId()); $this->userChecker->checkPreAuth($user); $this->hawkServer->authenticate($token->getMethod(), $token->getHost(), $token->getPort(), $token->getUri(), $token->getContentType(), $token->getPayload(), $token->getAuthorizationHeader()); $this->userChecker->checkPostAuth($user); $authenticatedToken = new HawkToken($user->getRoles()); $authenticatedToken->copy($token); $authenticatedToken->setAuthenticated(true); $authenticatedToken->setUser($user); return $authenticatedToken; } catch (UnauthorizedException $exception) { throw new AuthenticationException('Invalid Hawk authentication data'); } }