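headers->has('Authorization') && str_starts_with((string) $request->headers->get('Authorization'), 'Bearer '); }

    /**
     * Builds a passport from the bearer token carried in the Authorization header.
     *
     * The first 7 characters (the length of the 'Bearer ' prefix checked before
     * this method runs) are stripped and the remainder is treated as the API token.
     *
     * @throws CustomUserMessageAuthenticationException when the token is empty, or
     *                                                  (from the user loader) when no user owns it
     */
    public function authenticate(Request $request): Passport
    {
        $authHeader = (string) $request->headers->get('Authorization');
        $token = substr($authHeader, 7);

        if ('' === $token) {
            throw new CustomUserMessageAuthenticationException('API token missing.');
        }

        // NOTE(review): the raw token is handed to UserBadge as the user identifier,
        // so the secret itself becomes the passport's identifier. Anything that records
        // or keys on that identifier would then hold the credential. Confirm where it
        // surfaces, and consider resolving the token to a non-secret identifier first.
        return new SelfValidatingPassport(
            new UserBadge($token, function (string $apiToken): ?User {
                // NOTE(review): an equality lookup on `apiToken` suggests tokens are stored
                // as issued; storing only a digest and querying by it would limit the
                // impact of a database read. Verify against the User entity.
                $user = $this->userRepository->findOneBy(['apiToken' => $apiToken]);

                if (null === $user) {
                    throw new CustomUserMessageAuthenticationException('Invalid API token.');
                }

                return $user;
            })
        );
    }

    /**
     * Nothing to do on success: returning null lets the request continue.
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        return null;
    }

    /**
     * Answers a failed authentication with a 401 JSON body.
     *
     * Only the exception's message key is returned, not its raw message. The
     * WWW-Authenticate header names the expected scheme, as a 401 response
     * to a bearer-protected resource should.
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        return new JsonResponse(
            ['error' => $exception->getMessageKey()],
            Response::HTTP_UNAUTHORIZED,
            ['WWW-Authenticate' => 'Bearer'],
        );
    }
}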