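headers->has('X-AUTH-TOKEN');
    }

    /**
     * Builds the passport for a request that carries the X-AUTH-TOKEN header.
     *
     * The token lookup is still a scaffold (the commented steps below). Until it
     * is filled in, every request is rejected explicitly instead of falling off
     * the end of a method that is declared to return a Passport.
     *
     * @throws AuthenticationException when no user can be resolved from the token
     */
    public function authenticate(Request $request): Passport
    {
        // $apiToken = $request->headers->get('X-AUTH-TOKEN');
        // if (null === $apiToken) {
        //     // The token header was empty, authentication fails with HTTP Status
        //     // Code 401 "Unauthorized"
        //     throw new CustomUserMessageAuthenticationException('No API token provided');
        // }

        // implement your own logic to get the user identifier from `$apiToken`
        // e.g. by looking up a user in the database using its API key
        // $userIdentifier = /** ... */;

        // NOTE(review): a SelfValidatingPassport carries no credentials for the
        // security system to verify, so the lookup above is the only check this
        // authenticator performs. An unknown, expired or revoked token has to end
        // in an AuthenticationException, never in a default or fallback user.
        // Storing only a hash of each token and looking up by that hash keeps a
        // database leak from exposing usable tokens; keep the raw header value
        // out of logs and exception messages.
        // return new SelfValidatingPassport(new UserBadge($userIdentifier));

        // Fail closed while the lookup is unimplemented; remove this once the
        // return above is live. The text is not sent to the client, because
        // onAuthenticationFailure() builds its body from getMessageKey().
        throw new AuthenticationException('API token lookup is not implemented.');
    }

    /**
     * Called after a passport was accepted.
     *
     * @return Response|null null lets the request continue to the controller
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        // on success, let the request continue
        return null;
    }

    /**
     * Turns a failed authentication into a JSON 401 response.
     *
     * The body is built from the exception's message key and message data, not
     * from getMessage(). For a CustomUserMessageAuthenticationException the key
     * is the custom text itself, so whatever is passed to that exception is
     * client-visible: keep it generic enough that it does not tell callers
     * whether a token was unknown, expired or tied to a disabled account.
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        $data = [
            // you may want to customize or obfuscate the message first
            'message' => strtr($exception->getMessageKey(), $exception->getMessageData())

            // or to translate this message
            // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
        ];

        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
    }

    // public function start(Request $request, ?AuthenticationException $authException = null): Response
    // {
    //     /*
    //      * If you would like this class to control what happens when an anonymous user accesses a
    //      * protected page (e.g. redirect to /login), uncomment this method and make this class
    //      * implement Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface.
    //      *
    //      * For more details, see https://symfony.com/doc/current/security/experimental_authenticators.html#configuring-the-authentication-entry-point
    //      */
    // }
}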