Commit cde8e06

[Security] Authenticator methods description
1 parent f094dca commit cde8e06

1 file changed

+15
-12
lines changed

security/custom_authenticator.rst

Lines changed: 15 additions & 12 deletions
@@ -152,22 +152,25 @@ or there was something wrong (e.g. incorrect password). The authenticator
152152
can define what happens in these cases:
153153

154154
``onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response``
155-
If the user is authenticated, this method is called with the
156-
authenticated ``$token``. This method can return a response (e.g.
157-
redirect the user to some page).
155+
If authentication is successful, this method is called with the
156+
authenticated ``$token``.
158157

159-
If ``null`` is returned, the request continues like normal (i.e. the
160-
controller matching the login route is called). This is useful for API
161-
routes where each route is protected by an API key header.
158+
This method can return a response (e.g. redirect the user to some page).
159+
160+
If ``null`` is returned, the current request will continue (and the
161+
user will be authenticated). This is useful for API routes where each
162+
route is protected by an API key header.
162163

163164
``onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response``
164-
If an ``AuthenticationException`` is thrown during authentication, the
165-
process fails and this method is called. This method can return a
166-
response (e.g. to return a 401 Unauthorized response in API routes).
165+
If authentication failed (e. g. wrong username password), this method
166+
is called with the ``AuthenticationException`` thrown.
167+
168+
This method can return a response (e.g. send a 401 Unauthorized in API
169+
routes).
167170

168-
If ``null`` is returned, the request continues like normal. This is
169-
useful for e.g. login forms, where the login controller is run again
170-
with the login errors.
171+
If ``null`` is returned, the request continues (but the user will **not**
172+
be authenticated). This is useful for login forms, where the login
173+
controller is run again with the login errors.
171174

172175
If you're using :ref:`login throttling <security-login-throttling>`,
173176
you can check if ``$exception`` is an instance of
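
Review bot: The added first paragraph for ``onAuthenticationFailure`` (new line 165) reads "(e. g. wrong username password)", which has a stray space in "e. g." and is missing a conjunction; suggest "(e.g. wrong username or password)" to match the "e.g." used in the rest of the hunk. The two ``null`` paragraphs are also phrased differently ("the current request will continue" at new line 160, "the request continues" at new line 171); using the same wording in both would make the authenticated versus **not** authenticated contrast, which is the security-relevant part of this change, easier to spot.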
