. */

declare(strict_types=1);

namespace App\Security;

use App\Entity\UserSystem\ApiToken;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;

/**
 * Security token for a request that was authenticated with an API token.
 *
 * It behaves like a PostAuthenticationToken, but additionally keeps the ApiToken that was
 * presented and extends the role list with ROLE_API_AUTHENTICATED and with the roles
 * contributed by the token's level.
 */
class ApiTokenAuthenticatedToken extends PostAuthenticationToken
{
    /**
     * @param UserInterface $user         The user the API token belongs to
     * @param string        $firewallName Name of the firewall, passed through to the parent token
     * @param array         $roles        Roles supplied by the caller; all of them are kept
     * @param ApiToken      $apiToken     The API token that was presented for authentication
     */
    public function __construct(
        UserInterface $user,
        string $firewallName,
        array $roles,
        private readonly ApiToken $apiToken,
    ) {
        // Effective role list, in order: the caller's roles, the API marker role, then the
        // roles granted by the token's level.
        // Roles are only ever ADDED here: nothing from $roles is removed, so the token level
        // cannot narrow what the caller already passed in.
        // NOTE(review): if token levels are meant to limit access (e.g. a read-only token),
        // confirm that restriction is enforced elsewhere - it is not visible in this class.
        $effectiveRoles = array_merge(
            $roles,
            ['ROLE_API_AUTHENTICATED'],
            $apiToken->getLevel()->getAdditionalRoles(),
        );

        // A role may come from more than one of the sources above; keep each name once.
        parent::__construct($user, $firewallName, array_unique($effectiveRoles));
    }

    /**
     * Gives access to the API token this security token was created from.
     */
    public function getApiToken(): ApiToken
    {
        return $this->apiToken;
    }
}