/**
 * Looks up the token and loads the user based on it.
 *
 * As written, this method is an unfinished stub: it reads the credentials
 * from the incoming token and then hits a bare `return;`, so it returns
 * null and none of the lookup or token-building code below is reached.
 * $apiToken and $user are never assigned in this block; their lookups are
 * still marked "todo".
 *
 * Intended flow once the placeholders are filled in (per the code below):
 *  1. resolve the ApiToken record for the presented token string, throwing
 *     BadCredentialsException when none is found;
 *  2. resolve the user that owns that ApiToken, throwing \Exception when
 *     none is found;
 *  3. build an ApiAuthToken carrying the user's roles, attach the user and
 *     mark it authenticated.
 *
 * NOTE(review): the early `return;` has to go together with the placeholders;
 * a null return is not an authenticated token, and how the caller treats it
 * is not visible here - confirm it cannot be read as success.
 *
 * @param TokenInterface $token the not-yet-authenticated token whose credentials hold the raw token string
 * @return ApiAuthToken|TokenInterface the authenticated token (currently null, because of the early return)
 * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
 * @throws \Exception
 */
public function authenticate(TokenInterface $token)
{
    // the actual token string value from the header - e.g. ABCDEFG
    // This is a bearer credential: keep it out of logs and exception messages.
    $tokenString = $token->getCredentials();

    // Placeholder exit: returns null before any verification takes place,
    // which leaves everything below unreachable.
    return;

    // find the ApiToken object in the database based on the TokenString
    // NOTE(review): nothing visible here checks expiry or revocation of the
    // token - confirm the lookup covers that once it is written.
    // $apiToken = // todo

    // Unknown token: reject with an authentication error. The message does
    // not echo the presented token string.
    if (!$apiToken) {
        throw new BadCredentialsException('Invalid token');
    }

    // look up the user based on the ApiToken.userId value
    // $user = // todo

    // A token that resolves to no user is treated as a failure rather than
    // falling through to an authenticated token without a user.
    // NOTE(review): a plain \Exception is not an AuthenticationException, so
    // it is presumably handled as a server error instead of an authentication
    // failure - confirm that is the intended outcome.
    if (!$user) {
        throw new \Exception('A token without a user? Some crazy things are happening');
    }

    // Only after both lookups have succeeded is the token built and flagged
    // as authenticated; the roles come from the loaded user, not from the request.
    $authenticatedToken = new ApiAuthToken($user->getRoles());
    $authenticatedToken->setUser($user);
    $authenticatedToken->setAuthenticated(true);

    return $authenticatedToken;
}