/** * Returns an authenticated token * * @param TokenInterface $token * @param UserProviderInterface $userProvider * @param string $providerKey * * @return PreAuthenticatedToken * * @throws AuthenticationException If the api key does not exist or is invalid * @throws RuntimeException If $userProvider is not an instance of AdvancedUserProviderInterface */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { if (!$userProvider instanceof AdvancedUserProviderInterface) { throw new RuntimeException(sprintf('The api key provider must implement %s', AdvancedUserProviderInterface::class)); } $apiKey = $token->getCredentials(); $user = $userProvider->findUserByApiKey($apiKey); if (!$user) { throw new AuthenticationException(sprintf('API key %s does not exist!', $apiKey)); } return new PreAuthenticatedToken($user, $apiKey, $providerKey, $user->getRoles()); }