In Symfony 4, the AuthenticatorInterface::supports() method has the following comment:

interface AuthenticatorInterface extends AuthenticationEntryPointInterface
{
    /**
     * Does the authenticator support the given Request?
     *
     * If this returns false, the authenticator will be skipped.
     *
     * @param Request $request
     *
     * @return bool
     */
    public function supports(Request $request);

    // ... (remaining interface methods omitted)
}

I find the phrasing confusing. My first instinct when I tried implementing this was to return true if the request contains a username and password field, but then I remembered that all the requests I am receiving are getting authenticated, even if I am not using the login form.

Is the supports() method a way to override the security.firewalls.myFirewall.pattern argument? Is it a thing that handles the flow between multiple authenticators?

How should I use this interface?

Loupax

2 Answers

I agree this feature isn't that well documented (yet). The only thing I can find is this:

How to Create a Custom Authentication System with Guard

supports(Request $request)

This will be called on every request and your job is to decide if the authenticator should be used for this request (return true) or if it should be skipped (return false).

For example: you can use the Request to check if it is a XMLHttpRequest (AJAX), so you can have dedicated AjaxAuthenticator.

A similar feature (VoterInterface::support()) is documented at How to Use Voters to Check User Permissions.

Stephan Vierkant
  • After reading the source code a bit more, that's my guess as well. It looks like it's used when we are having multiple authenticators inside a specific firewall – Loupax Nov 16 '17 at 06:38
  • After digging up the docs a bit more, I found this: https://symfony.com/blog/new-in-symfony-3-4-guard-authentication-improvements This makes it sound like we should return true only when the user submits the login form. – Loupax Nov 16 '17 at 13:36
  • You should have written a response with your comment's content. I did not see them before writing mine, but you had a good explanation! – AlterPHP Jan 16 '18 at 13:09

This interface replaces GuardAuthenticationInterface, which is deprecated in Symfony 3.4, and removed from Symfony 3.4.

The difference is that the former GuardAuthenticationInterface only defined a getCredentials method that returns NULL or any form of credentials. In some cases there are many ways to get the credentials for an authenticator; the getCredentials method was processed anyway, until something was returned, or ended without returning anything (which is almost equivalent to a null return).

When you use multiple authenticators, you don't want to wait for each one to return nothing before passing to the following one. So this supports method appeared in order to return whether or not the authenticator's getCredentials method must be called. Note that in the new AuthenticationInterface, the getCredentials method is always supposed to return something.

Here is an article from Symfony's blog that describes the move

AlterPHP
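
The behaviour discussed in the answers and comments above, as an added example that is not part of the original posts or of Symfony's own code: a Guard login-form authenticator whose supports() returns true only for the login form submission, so every other request skips it. The route name "app_login", the paths "/" and "/login", and the form field names are assumptions made for illustration.

```php
<?php
// Added example, not Symfony's own code. Assumed names: route "app_login",
// paths "/" and "/login", form fields "_username" and "_password".
namespace App\Security;

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class LoginFormAuthenticator extends AbstractGuardAuthenticator
{
    private $encoder;

    public function __construct(UserPasswordEncoderInterface $encoder) { $this->encoder = $encoder; }

    // Called on every request the firewall matches. Returning false only skips
    // this authenticator; it neither grants nor denies access to the request.
    public function supports(Request $request)
    {
        return $request->isMethod('POST') && 'app_login' === $request->attributes->get('_route');
    }

    // Reached only when supports() returned true, so it always returns credentials.
    public function getCredentials(Request $request)
    {
        return [
            'username' => (string) $request->request->get('_username'),
            'password' => (string) $request->request->get('_password'),
        ];
    }

    public function getUser($credentials, UserProviderInterface $userProvider)
    { return $userProvider->loadUserByUsername($credentials['username']); }

    public function checkCredentials($credentials, UserInterface $user)
    { return $this->encoder->isPasswordValid($user, $credentials['password']); }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { return new RedirectResponse('/'); }
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new RedirectResponse('/login'); }
    public function start(Request $request, AuthenticationException $authException = null) { return new RedirectResponse('/login'); }
    public function supportsRememberMe() { return false; }
}
```

Because a false return from supports() only skips the authenticator, protected URLs still need access_control rules or controller checks to reject unauthenticated requests.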