From bd58134ee8c98be90c1a3ac45f31dafd08ea4e3b Mon Sep 17 00:00:00 2001
From: Alexandre Daubois <alex.daubois@gmail.com>
Date: Tue, 26 Sep 2023 17:54:39 +0200
Subject: [PATCH] [Authenticator] Improve the first example

---
 security/custom_authenticator.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/security/custom_authenticator.rst b/security/custom_authenticator.rst
index 8dbeeaf287a..60604fce11b 100644
--- a/security/custom_authenticator.rst
+++ b/security/custom_authenticator.rst
@@ -49,7 +49,11 @@ method that fits most use-cases::
                 throw new CustomUserMessageAuthenticationException('No API token provided');
             }
 
-            return new SelfValidatingPassport(new UserBadge($apiToken));
+            // implement your own logic to get the user identifier from `$apiToken`
+            // e.g. by finding one user in database by its API key
+            $userIdentifier = /** ... */;
+
+            return new SelfValidatingPassport(new UserBadge($userIdentifier));
         }
 
         public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response