feature symfony#19122 Improve support for authenticators that don't n…

…eed a user provider (alexandre-daubois) This PR was merged into the 6.3 branch. Discussion ---------- Improve support for authenticators that don't need a user provider Fix symfony#17585 Thank you `@wouterj` for your advices. What do you think of this PR? Commits ------- 6cb1ca8 [SecurityBundle] Improve support for authenticators that don't need a user provider
alzee · Dec 9, 2023 · 59dbc55 · 59dbc55
2 parents 827744b + 6cb1ca8
commit 59dbc55
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/security/access_token.rst b/security/access_token.rst
@@ -709,6 +709,25 @@ create your own User from the claims, you must
         }
     }
 
+Using Self-Claimed Tokens
+-------------------------
+
+You may use tokens that are self-claimed, meaning that they contain all
+the information needed to authenticate the user. This happens when a security
+token doesn't need a user provider to get all needed information about the
+user. For instance, a JWT can be self-claimed when it contains a username as
+well as the roles of the user.
+
+When using self-claimed tokens with stateless firewalls, you can omit to
+configure a user provider. The token authenticator will use the token to
+create a user object with the claims of the token. This means that you can
+skip creating your own user provider.
+
+.. versionadded:: 6.3
+
+    The possibility to omit the user provider in case of stateless firewalls
+    and self-claimed tokens was introduced in Symfony 6.3.
+
 .. _`JSON Web Tokens (JWT)`: https://datatracker.ietf.org/doc/html/rfc7519
 .. _`SAML2 (XML structures)`: https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html
 .. _`RFC6750`: https://datatracker.ietf.org/doc/html/rfc6750