/** * @param TokenInterface $token * @param JWTUserProviderInterface $userProvider * @param $providerKey * * @return PreAuthenticatedToken * * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException */ public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey) { // The user provider should implement JWTUserProviderInterface if (!$userProvider instanceof JWTUserProviderInterface) { throw new InvalidArgumentException('Argument must implement interface Auth0\\JWTAuthBundle\\Security\\Core\\JWTUserProviderInterface'); } if ($token->getCredentials() === null) { $user = $userProvider->getAnonymousUser(); } else { // Get the user for the injected UserProvider $user = $userProvider->loadUserByJWT($token->getCredentials()); if (!$user) { throw new AuthenticationException(sprintf('Invalid JWT.')); } } return new PreAuthenticatedToken($user, $token, $providerKey, $user->getRoles()); }