I apologize if this is covered elsewhere. I couldn't find any mention in articles, docs or issues. Is there a specific reason why AnonymousToken doesn't get the providerKey while all other AbstractToken subclasses do?
I am trying, programatically, to determine which firewall emitted an AnonymousToken and saw that it was not stored in the token.
I can create a PR to add it. I just wasn't sure if there was a security issue related to it so figured I'd ask first.
Probably related to #10651
I saw the issue, but I wasn't sure if they were related. AnonymousAuthenticationProvider doesn't check to validate the providerKey. Just the key used by the firewall configuration.
@carlalexander right. Worth to have them linked anyway.