Authenticate anonymously with roles


I have an Authenticator that needs to authenticate the user anonymously, but include a role. I do this by overriding createAuthenticatedToken in the Authenticator:

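use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class ClientAuthenticator extends AbstractGuardAuthenticator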
{
    // supports(), getCredentials(), all working

    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        return new SessionUser;
    }

    // Return an anonymous user with the client role
    public function createAuthenticatedToken(UserInterface $user, $providerKey)
    {
        return new AnonymousToken(
            'Ynpir6i',                // <-- here's the issue (the $secret param)
            'anon.',
            ['ROLE_CLIENT_GUEST']
        );
    }
}

This works wonderfully -- when I hard-code the "secret" parameter of AnonymousToken.

I cannot figure out how to get this secret dynamically though. It is not the "secret" parameter provided in parameters.yml (aka %kernel.secret%).

I only got the secret I'm using now by dumping it out when it's set in AnonymousAuthenticationListener. I've looked at that service's configuration and I don't see it set at all.

What is this secret parameter, and how can I inject it into my Authenticator?

Or, is there a better way to add roles to an anonymous token that was authenticated a specific way?

1 answer

amacrobert (best answer):

That parameter may be set to a known value in security.yml:

security:
    firewalls:
        main:
            anonymous:
                secret: '%secret%'
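
With the firewall's anonymous secret pinned to a known parameter as in the answer above, the authenticator can receive that same parameter through its constructor instead of hard-coding it. This is an added example, not code from the original post; the App\Security namespace, the services.yml wiring, the X-Client-Guest header and the response codes are assumptions, and SessionUser is the question's own class.

```php
<?php
// Added example. Assumed: App\Security namespace, X-Client-Guest header,
// and SessionUser (the question's own UserInterface class) in this namespace.
namespace App\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class ClientAuthenticator extends AbstractGuardAuthenticator
{
    private $anonymousSecret;

    // Assumed services.yml wiring, using the same parameter as
    // security.firewalls.main.anonymous.secret:
    //   App\Security\ClientAuthenticator: { arguments: ['%secret%'] }
    public function __construct(string $anonymousSecret)
    {
        if ($anonymousSecret === '') {
            throw new \InvalidArgumentException('Anonymous secret must not be empty.');
        }
        $this->anonymousSecret = $anonymousSecret;
    }

    // Hypothetical request handling: a marker header selects this authenticator.
    public function supports(Request $request) { return $request->headers->has('X-Client-Guest'); }
    public function getCredentials(Request $request) { return ['guest' => true]; }
    public function getUser($credentials, UserProviderInterface $userProvider) { return new SessionUser(); }
    public function checkCredentials($credentials, UserInterface $user) { return true; }
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { return null; }
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception) { return new Response('', 403); }
    public function start(Request $request, AuthenticationException $authException = null) { return new Response('', 401); }
    public function supportsRememberMe() { return false; }

    public function createAuthenticatedToken(UserInterface $user, $providerKey)
    {
        // Same value the firewall's anonymous listener uses, injected rather than hard-coded.
        return new AnonymousToken($this->anonymousSecret, 'anon.', ['ROLE_CLIENT_GUEST']);
    }
}
```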