FOSOAuthServerBundle
Remove bearer from request hardcoded in firewall listener
I'd like to use the bearer token in a kernel.request event listener, but it turns out that OAuthListener deliberately removes it from the request. Why?
https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/blob/master/Security/Firewall/OAuthListener.php#L65
How can I bypass that behavior?
Thanks!
Here is my workaround...
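# Replaces the bundle's firewall listener service with the application's subclass.
# Presumably nested under the `services:` key of the service configuration;
# the nesting below restores the indentation lost when the snippet was pasted.
fos_oauth_server.security.authentication.listener:
    class: App\User\Security\Firewall\Listener\OAuthListener
    arguments:
        # Named arguments; each key is expected to match a constructor
        # parameter of the listener being replaced (confirm against the base class).
        $securityContext: '@security.token_storage'
        $authenticationManager: '@security.authentication.manager'
        $serverService: '@fos_oauth_server.server'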
namespace App\User\Security\Firewall\Listener;
use FOS\OAuthServerBundle\Security\Authentication\Token\OAuthToken;
use FOS\OAuthServerBundle\Security\Firewall\OAuthListener as BaseListener;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
/**
 * Firewall listener override that authenticates an OAuth bearer token
 * without stripping it from the request.
 *
 * Security note: because the token is left in place, every later consumer of
 * the request (other kernel.request listeners, controllers, request loggers,
 * profilers, sub-requests) can read a live credential. Keep it out of logs
 * and error reports, and do not forward it to services that have no need
 * for it.
 */
class OAuthListener extends BaseListener
{
    /**
     * Authenticates the request's bearer token, if one is present.
     *
     * On success the authenticated token is stored in the security context;
     * if the authentication manager answers with a Response, that response
     * is set on the event instead. Requests without a bearer token are left
     * untouched.
     *
     * @param GetResponseEvent $event Event carrying the current request.
     */
    public function handle(GetResponseEvent $event)
    {
        $request = $event->getRequest();

        // Second argument `false`: ask the server service NOT to remove the
        // token from the request, so it stays readable after this listener.
        $bearer = $this->serverService->getBearerToken($request, false);
        if ($bearer === null) {
            // No bearer token supplied: nothing for this listener to do.
            return;
        }

        $unauthenticated = new OAuthToken();
        $unauthenticated->setToken($bearer);

        try {
            $result = $this->authenticationManager->authenticate($unauthenticated);

            if ($result instanceof TokenInterface) {
                return $this->securityContext->setToken($result);
            }

            if ($result instanceof Response) {
                return $event->setResponse($result);
            }
        } catch (AuthenticationException $failure) {
            // NOTE(review): this assumes the wrapped exception exposes
            // getHttpResponse(); nothing here checks its type. An
            // AuthenticationException without a previous exception is
            // swallowed and no token is stored, so the request carries on
            // unauthenticated -- access rules must still deny it.
            $cause = $failure->getPrevious();
            if ($cause !== null) {
                $event->setResponse($cause->getHttpResponse());
            }
        }
    }
}