[security] Provide authentification token when using an user checker

[fabienlem]

Description

Hi there,

When using a custom user checker, ie:

security:
    firewalls:
        api:
            user_checker: 'App\Security\UserChecker'

I would like to be able to get the authentication token. My use case is as follows: I want to make checks less stringent when an impersonation is in progress.

Injecting the Security service does not provide a solution.

use Symfony\Bundle\SecurityBundle\Security;

    public function checkPostAuth(UserInterface $user): void
    {
        $this->security->getToken(); // null
    }

I saw that in Symfony\Component\Security\Http\EventListener\UserCheckerListener the token could be provided as second parameter to the checkPostAuth method. So it could be posible to achieve some things like knowing if an impersonation is in progress.

What do you think about this proposal?

Kind regards,

Fabien

Example

No response

[mdeboer]

I very much like this idea. Found it odd why it isn't provided in postAuth really.

[dmiedev]

So there is not a single way how to obtain the token?

[dmiedev]

Welp, this is troublesome :/
One could probably use $this->requestStack->getCurrentRequest()->headers->get('authorization') as a temporary (and somewhat ugly) workaround

[carsonbot]

Thank you for this suggestion.
There has not been a lot of activity here for a while. Would you still like to see this feature?

[dmiedev]

Yes