/** * @param TokenInterface $token * @param UserProviderInterface $userProvider * @param string $providerKey * * @return PreAuthenticatedToken * * @throws BadCredentialsException */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { /* @var ApiTokenUserProvider $userProvider */ $apiToken = $token->getCredentials(); $username = $userProvider->getUsernameForToken($apiToken); if (!$username) { throw new BadCredentialsException(sprintf('API Token "%s" is invalid.', $apiToken)); } $user = $userProvider->loadUserByUsername($username); $roles = array_merge($user->getRoles(), ['ROLE_API_AUTHENTICATED']); return new PreAuthenticatedToken($user, $apiToken, $providerKey, $roles); }