API Platform Crash Course Part 15: Custom Authentication with Symfony Authenticators

Just working on the follow up to this and realised there's a big security vulnerability. Please change your supports method to look like this instead:

public function supports(Request $request): ?bool
{
return str_starts_with($request->getPathInfo(), '/api/');
}

This will be covered in the next recording (and the reason for the change if not obvious) anyway.

GaryClarkeTech

Great video!
I get this exception when I make a request with a valid apitoken:
{"message":"Authentication request could not be processed due to a system problem."}

any suggestion?

fernastereo

seem like there is a vulerability with API Platform for 5.x symfony version (composer raises vulnerability)

urprise

Hello, how can I log in users on first registration with custom authenticator?

petarvitanov

how can i build the user/me to find who is logged in and send the id so i can use it in the front and thank uu it's supper helpfull im working on project with api-platform and there's no good ressource i hope u go further with this playlist

farjallahhaythem

Hey @Gary, is there any workaround for this
"php bin/console make:auth"


[ERROR] MakerBundle only supports the new authenticator based security system. See

thecodingchronicles

I'm using an ApiTokenAuthenticator class that extends AbstractAuthenticator, and I need to use the user ID associated with each token in each POST.

public function setAddedBy(int $added_by): self
{
$added_by= **CURRENT_USER_ID**;
$this->added_by = $added_by;
return $this;
}
}
Can you help me with this?

descabella

Hi Gary. I could use some help. Is there a way to get any support from you or the Blockdaemon team? Any way I could send you a private email?

brittneyboone