From 4a6a8326bf9eea7dbd4700f487d20638a6124184 Mon Sep 17 00:00:00 2001
From: matlec <mathieu.lechat@sensiolabs.com>
Date: Wed, 3 Sep 2025 14:44:32 +0200
Subject: [PATCH 1/4] [SecurityBundle] Prevent accessing the tracked token
 storage when collecting data

---
 DataCollector/SecurityDataCollector.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/DataCollector/SecurityDataCollector.php b/DataCollector/SecurityDataCollector.php
index 85043db5..0e1528ec 100644
--- a/DataCollector/SecurityDataCollector.php
+++ b/DataCollector/SecurityDataCollector.php
@@ -106,10 +106,12 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
             }
 
             $logoutUrl = null;
-            try {
-                $logoutUrl = $this->logoutUrlGenerator?->getLogoutPath();
-            } catch (\Exception) {
-                // fail silently when the logout URL cannot be generated
+            if ($this->logoutUrlGenerator && method_exists($token, 'getFirewallName')) {
+                try {
+                    $logoutUrl = $this->logoutUrlGenerator->getLogoutPath($token->getFirewallName());
+                } catch (\Exception) {
+                    // fail silently when the logout URL cannot be generated
+                }
             }
 
             $this->data = [

From 5141a4ce1ddc1762a78a5dd72a63204477047e47 Mon Sep 17 00:00:00 2001
From: Oskar Stark <oskarstark@googlemail.com>
Date: Tue, 9 Sep 2025 10:51:28 +0200
Subject: [PATCH 2/4] [SecurityBundle] Add missing `fixXmlConfig()` call for
 `issuer`

---
 .../Security/AccessToken/OidcTokenHandlerFactory.php             | 1 +
 1 file changed, 1 insertion(+)

diff --git a/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php b/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
index de53d5e8..1b0d0fa9 100644
--- a/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
+++ b/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
@@ -91,6 +91,7 @@ public function addConfiguration(NodeBuilder $node): void
         $node
             ->arrayNode($this->getKey())
                 ->fixXmlConfig($this->getKey())
+                ->fixXmlConfig('issuer')
                 ->validate()
                     ->ifTrue(static fn ($v) => !isset($v['algorithm']) && !isset($v['algorithms']))
                     ->thenInvalid('You must set either "algorithm" or "algorithms".')

From 7ded5b2e59d6842a06da3f6299db59f8656e88f1 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas <nicolas.grekas@gmail.com>
Date: Wed, 10 Sep 2025 11:20:11 +0200
Subject: [PATCH 3/4] [SecurityBundle] Fix semantic configuration for
 singulars/plurals in XML

---
 .../AccessToken/CasTokenHandlerFactory.php    |  1 -
 .../AccessToken/OidcTokenHandlerFactory.php   |  3 +-
 .../OidcUserInfoTokenHandlerFactory.php       |  1 -
 .../Security/Factory/AccessTokenFactory.php   |  3 +-
 .../Security/Factory/RememberMeFactory.php    |  1 +
 Resources/config/schema/security-1.0.xsd      | 83 +++++++++----------
 .../CompleteConfigurationTestCase.php         | 35 ++++++++
 .../Fixtures/php/access_token_oidc.php        | 25 ++++++
 .../php/access_token_oidc_encryption.php      | 30 +++++++
 .../access_token_oidc_user_info_discovery.php | 27 ++++++
 .../Fixtures/xml/access_token_oidc.xml        | 25 ++++++
 .../xml/access_token_oidc_encryption.xml      | 28 +++++++
 .../access_token_oidc_user_info_discovery.xml | 29 +++++++
 .../Fixtures/xml/argon2i_hasher.xml           |  2 +-
 .../Fixtures/xml/bcrypt_hasher.xml            |  2 +-
 .../Fixtures/xml/container1.xml               | 14 ++--
 .../Fixtures/xml/firewall_provider.xml        | 12 +--
 .../xml/firewall_undefined_provider.xml       | 12 +--
 .../Fixtures/xml/listener_provider.xml        | 12 +--
 .../xml/listener_undefined_provider.xml       | 12 +--
 .../Fixtures/xml/migrating_hasher.xml         |  4 +-
 .../Fixtures/xml/remember_me_options.xml      |  4 +-
 .../Fixtures/xml/sodium_hasher.xml            |  2 +-
 .../Fixtures/yml/access_token_oidc.yml        | 16 ++++
 .../yml/access_token_oidc_encryption.yml      | 20 +++++
 .../access_token_oidc_user_info_discovery.yml | 16 ++++
 26 files changed, 321 insertions(+), 98 deletions(-)
 create mode 100644 Tests/DependencyInjection/Fixtures/php/access_token_oidc.php
 create mode 100644 Tests/DependencyInjection/Fixtures/php/access_token_oidc_encryption.php
 create mode 100644 Tests/DependencyInjection/Fixtures/php/access_token_oidc_user_info_discovery.php
 create mode 100644 Tests/DependencyInjection/Fixtures/xml/access_token_oidc.xml
 create mode 100644 Tests/DependencyInjection/Fixtures/xml/access_token_oidc_encryption.xml
 create mode 100644 Tests/DependencyInjection/Fixtures/xml/access_token_oidc_user_info_discovery.xml
 create mode 100644 Tests/DependencyInjection/Fixtures/yml/access_token_oidc.yml
 create mode 100644 Tests/DependencyInjection/Fixtures/yml/access_token_oidc_encryption.yml
 create mode 100644 Tests/DependencyInjection/Fixtures/yml/access_token_oidc_user_info_discovery.yml

diff --git a/DependencyInjection/Security/AccessToken/CasTokenHandlerFactory.php b/DependencyInjection/Security/AccessToken/CasTokenHandlerFactory.php
index a0c2ca04..63ff5db1 100644
--- a/DependencyInjection/Security/AccessToken/CasTokenHandlerFactory.php
+++ b/DependencyInjection/Security/AccessToken/CasTokenHandlerFactory.php
@@ -42,7 +42,6 @@ public function addConfiguration(NodeBuilder $node): void
     {
         $node
             ->arrayNode($this->getKey())
-                ->fixXmlConfig($this->getKey())
                 ->children()
                     ->scalarNode('validation_url')
                         ->info('CAS server validation URL')
diff --git a/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php b/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
index 1b0d0fa9..0bfd4793 100644
--- a/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
+++ b/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
@@ -90,8 +90,8 @@ public function addConfiguration(NodeBuilder $node): void
     {
         $node
             ->arrayNode($this->getKey())
-                ->fixXmlConfig($this->getKey())
                 ->fixXmlConfig('issuer')
+                ->fixXmlConfig('algorithm')
                 ->validate()
                     ->ifTrue(static fn ($v) => !isset($v['algorithm']) && !isset($v['algorithms']))
                     ->thenInvalid('You must set either "algorithm" or "algorithms".')
@@ -173,6 +173,7 @@ public function addConfiguration(NodeBuilder $node): void
                         ->info('JSON-encoded JWKSet used to sign the token (must contain a list of valid public keys).')
                     ->end()
                     ->arrayNode('encryption')
+                        ->fixXmlConfig('algorithm')
                         ->canBeEnabled()
                         ->children()
                             ->booleanNode('enforce')
diff --git a/DependencyInjection/Security/AccessToken/OidcUserInfoTokenHandlerFactory.php b/DependencyInjection/Security/AccessToken/OidcUserInfoTokenHandlerFactory.php
index c6308ff3..0b69d4e7 100644
--- a/DependencyInjection/Security/AccessToken/OidcUserInfoTokenHandlerFactory.php
+++ b/DependencyInjection/Security/AccessToken/OidcUserInfoTokenHandlerFactory.php
@@ -63,7 +63,6 @@ public function addConfiguration(NodeBuilder $node): void
     {
         $node
             ->arrayNode($this->getKey())
-                ->fixXmlConfig($this->getKey())
                 ->beforeNormalization()
                     ->ifString()
                     ->then(fn ($v) => ['claim' => 'sub', 'base_uri' => $v])
diff --git a/DependencyInjection/Security/Factory/AccessTokenFactory.php b/DependencyInjection/Security/Factory/AccessTokenFactory.php
index 371049c8..f5aa4711 100644
--- a/DependencyInjection/Security/Factory/AccessTokenFactory.php
+++ b/DependencyInjection/Security/Factory/AccessTokenFactory.php
@@ -43,11 +43,10 @@ public function addConfiguration(NodeDefinition $node): void
     {
         parent::addConfiguration($node);
 
-        $builder = $node->children();
+        $builder = $node->fixXmlConfig('token_extractor')->children();
         $builder
             ->scalarNode('realm')->defaultNull()->end()
             ->arrayNode('token_extractors')
-                ->fixXmlConfig('token_extractors')
                 ->beforeNormalization()
                     ->ifString()
                     ->then(fn ($v) => [$v])
diff --git a/DependencyInjection/Security/Factory/RememberMeFactory.php b/DependencyInjection/Security/Factory/RememberMeFactory.php
index c62c01d4..57308068 100644
--- a/DependencyInjection/Security/Factory/RememberMeFactory.php
+++ b/DependencyInjection/Security/Factory/RememberMeFactory.php
@@ -126,6 +126,7 @@ public function getKey(): string
     public function addConfiguration(NodeDefinition $node): void
     {
         $builder = $node
+            ->fixXmlConfig('signature_property', 'signature_properties')
             ->fixXmlConfig('user_provider')
             ->children()
         ;
diff --git a/Resources/config/schema/security-1.0.xsd b/Resources/config/schema/security-1.0.xsd
index 692321a4..537119d8 100644
--- a/Resources/config/schema/security-1.0.xsd
+++ b/Resources/config/schema/security-1.0.xsd
@@ -9,11 +9,8 @@
     <xsd:complexType name="config">
         <xsd:choice maxOccurs="unbounded">
             <xsd:element name="access-decision-manager" type="access_decision_manager" minOccurs="0" maxOccurs="1" />
-            <xsd:element name="password_hashers" type="password_hashers" minOccurs="0" maxOccurs="1" />
-            <xsd:element name="password_hasher" type="password_hasher" minOccurs="0" maxOccurs="unbounded" />
-            <xsd:element name="providers" type="providers" minOccurs="0" maxOccurs="1" />
+            <xsd:element name="password-hasher" type="password_hasher" minOccurs="0" maxOccurs="unbounded" />
             <xsd:element name="provider" type="provider" minOccurs="0" maxOccurs="unbounded" />
-            <xsd:element name="firewalls" type="firewalls" minOccurs="0" maxOccurs="1" />
             <xsd:element name="firewall" type="firewall" minOccurs="0" maxOccurs="unbounded" />
             <xsd:element name="rule" type="rule" minOccurs="0" maxOccurs="unbounded" />
             <xsd:element name="role" type="role" minOccurs="0" maxOccurs="unbounded" />
@@ -21,28 +18,10 @@
         <xsd:attribute name="access-denied-url" type="xsd:string" />
         <xsd:attribute name="session-fixation-strategy" type="session_fixation_strategy" />
         <xsd:attribute name="hide-user-not-found" type="xsd:boolean" />
-        <xsd:attribute name="always-authenticate-before-granting" type="xsd:boolean" />
+        <xsd:attribute name="expose-security-errors" type="access_decision_manager_expose_security_level" />
         <xsd:attribute name="erase-credentials" type="xsd:boolean" />
     </xsd:complexType>
 
-    <xsd:complexType name="password_hashers">
-        <xsd:sequence>
-            <xsd:element name="password_hasher" type="password_hasher" minOccurs="1" maxOccurs="unbounded" />
-        </xsd:sequence>
-    </xsd:complexType>
-
-    <xsd:complexType name="providers">
-        <xsd:sequence>
-            <xsd:element name="provider" type="provider" minOccurs="1" maxOccurs="unbounded" />
-        </xsd:sequence>
-    </xsd:complexType>
-
-    <xsd:complexType name="firewalls">
-        <xsd:sequence>
-            <xsd:element name="firewall" type="firewall" minOccurs="1" maxOccurs="unbounded" />
-        </xsd:sequence>
-    </xsd:complexType>
-
     <xsd:simpleType name="session_fixation_strategy">
         <xsd:restriction base="xsd:string">
             <xsd:enumeration value="none" />
@@ -55,7 +34,6 @@
         <xsd:attribute name="strategy" type="access_decision_manager_strategy" />
         <xsd:attribute name="service" type="xsd:string" />
         <xsd:attribute name="strategy-service" type="xsd:string" />
-        <xsd:attribute name="expose-security-errors" type="access_decision_manager_expose_security_level" />
         <xsd:attribute name="allow-if-all-abstain" type="xsd:boolean" />
         <xsd:attribute name="allow-if-equal-granted-denied" type="xsd:boolean" />
     </xsd:complexType>
@@ -196,12 +174,16 @@
         <xsd:attribute name="name" type="xsd:string" use="required" />
         <xsd:attribute name="path" type="xsd:string" />
         <xsd:attribute name="domain" type="xsd:string" />
+        <xsd:attribute name="secure" type="xsd:boolean" />
+        <xsd:attribute name="samesite" type="remember_me_samesite" />
+        <xsd:attribute name="partitioned" type="xsd:boolean" />
     </xsd:complexType>
 
     <xsd:complexType name="switch_user">
         <xsd:attribute name="provider" type="xsd:string" />
         <xsd:attribute name="parameter" type="xsd:string" />
         <xsd:attribute name="role" type="xsd:string" />
+        <xsd:attribute name="target-route" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="anonymous">
@@ -304,6 +286,7 @@
         <xsd:attribute name="success-handler" type="xsd:string" />
         <xsd:attribute name="failure-handler" type="xsd:string" />
         <xsd:attribute name="provider" type="xsd:string" />
+        <xsd:attribute name="secret" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="access_token">
@@ -321,59 +304,66 @@
     <xsd:complexType name="oidc_token_handler">
         <xsd:sequence>
             <xsd:choice minOccurs="0" maxOccurs="1">
-                <xsd:element name="oidc-user-info" type="oidc_user_info"></xsd:element>
-                <xsd:element name="oidc" type="oidc"></xsd:element>
+                <xsd:element name="oidc-user-info" type="oidc_user_info" />
+                <xsd:element name="oidc" type="oidc" />
             </xsd:choice>
         </xsd:sequence>
-        <xsd:attribute name="oidc-user-info" type="xsd:anyURI"></xsd:attribute>
+        <xsd:attribute name="oidc-user-info" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="oidc_user_info">
-        <xsd:attribute name="base-uri" type="xsd:anyURI" use="required" />
+        <xsd:sequence>
+            <xsd:element name="discovery" minOccurs="0" maxOccurs="1">
+                <xsd:complexType>
+                    <xsd:sequence>
+                        <xsd:element name="cache" minOccurs="0" maxOccurs="1">
+                            <xsd:complexType>
+                                <xsd:attribute name="id" type="xsd:string" />
+                            </xsd:complexType>
+                        </xsd:element>
+                    </xsd:sequence>
+                </xsd:complexType>
+            </xsd:element>
+        </xsd:sequence>
+        <xsd:attribute name="base-uri" type="xsd:string" use="required" />
         <xsd:attribute name="claim" type="xsd:string" />
         <xsd:attribute name="client" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="oidc">
         <xsd:choice maxOccurs="unbounded">
-            <xsd:element name="issuers" type="oidc_issuers" minOccurs="0" maxOccurs="1" />
-            <xsd:element name="issuer" type="password_hasher" minOccurs="0" maxOccurs="unbounded" />
+            <xsd:element name="issuer" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
+            <xsd:element name="algorithm" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
             <xsd:element name="encryption" type="oidc_encryption" />
         </xsd:choice>
         <xsd:attribute name="claim" type="xsd:string" />
         <xsd:attribute name="audience" type="xsd:string" use="required" />
-        <xsd:attribute name="algorithm" type="xsd:string" use="required" />
-        <xsd:attribute name="key" type="xsd:string" use="required" />
+        <xsd:attribute name="algorithm" type="xsd:string" />
+        <xsd:attribute name="key" type="xsd:string" />
+        <xsd:attribute name="keyset" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="oidc_encryption">
         <xsd:choice maxOccurs="unbounded">
-            <xsd:element name="algorithms" type="oidc_encryption_algorithms" minOccurs="1" maxOccurs="1" />
+            <xsd:element name="algorithm" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
         </xsd:choice>
         <xsd:attribute name="enabled" type="xsd:boolean" />
         <xsd:attribute name="enforce" type="xsd:boolean" />
         <xsd:attribute name="keyset" type="xsd:string" use="required" />
     </xsd:complexType>
 
-    <xsd:complexType name="oidc_encryption_algorithms">
-        <xsd:sequence>
-            <xsd:element name="algorithm" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
-        </xsd:sequence>
-    </xsd:complexType>
-
-    <xsd:complexType name="oidc_issuers">
-        <xsd:sequence>
-            <xsd:element name="issuer" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
-        </xsd:sequence>
-    </xsd:complexType>
-
     <xsd:complexType name="login_throttling">
         <xsd:attribute name="limiter" type="xsd:string" />
         <xsd:attribute name="max-attempts" type="xsd:integer" />
+        <xsd:attribute name="interval" type="xsd:string" />
+        <xsd:attribute name="lock-factory" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="remember_me">
         <xsd:sequence minOccurs="0">
+            <xsd:choice minOccurs="0" maxOccurs="unbounded">
+                <xsd:element name="signature-property" type="xsd:string" />
+            </xsd:choice>
             <xsd:choice minOccurs="0" maxOccurs="unbounded">
                 <xsd:element name="user-provider" type="xsd:string" />
             </xsd:choice>
@@ -442,7 +432,7 @@
             <xsd:element name="method" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
             <xsd:element name="role" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
             <xsd:element name="allow-if" type="xsd:string" minOccurs="0" maxOccurs="1" />
-            <xsd:element name="attribute" type="rule_attribute" minOccurs="0" maxOccurs="1" />
+            <xsd:element name="attribute" type="rule_attribute" minOccurs="0" maxOccurs="unbounded" />
         </xsd:choice>
         <xsd:attribute name="requires-channel" type="xsd:string" />
         <xsd:attribute name="path" type="xsd:string" />
@@ -452,6 +442,7 @@
         <xsd:attribute name="methods" type="xsd:string" />
         <xsd:attribute name="allow-if" type="xsd:string" />
         <xsd:attribute name="route" type="xsd:string" />
+        <xsd:attribute name="request-matcher" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="role">
diff --git a/Tests/DependencyInjection/CompleteConfigurationTestCase.php b/Tests/DependencyInjection/CompleteConfigurationTestCase.php
index 04fba9fe..dcb67011 100644
--- a/Tests/DependencyInjection/CompleteConfigurationTestCase.php
+++ b/Tests/DependencyInjection/CompleteConfigurationTestCase.php
@@ -726,6 +726,41 @@ public function testFirewallPatterns()
         $this->assertSame('(?:^/register$|^/documentation$)', $container->getDefinition($requestMatcherId)->getArgument(0));
     }
 
+    public function testAccessTokenOidc()
+    {
+        $container = $this->getContainer('access_token_oidc');
+
+        $this->assertTrue($container->hasDefinition('security.authenticator.access_token.firewall1'));
+        $this->assertTrue($container->hasDefinition('security.access_token_handler.firewall1'));
+
+        $def = $container->getDefinition('security.access_token_handler.firewall1');
+        $this->assertSame('audience', $def->getArgument(2));
+        $this->assertSame(['https://www.example.com'], $def->getArgument(3));
+        $this->assertSame('sub', $def->getArgument(4));
+    }
+
+    public function testAccessTokenOidcWithEncryption()
+    {
+        $container = $this->getContainer('access_token_oidc_encryption');
+
+        $this->assertTrue($container->hasDefinition('security.authenticator.access_token.firewall1'));
+        $this->assertTrue($container->hasDefinition('security.access_token_handler.firewall1'));
+
+        $def = $container->getDefinition('security.access_token_handler.firewall1');
+        $this->assertSame(['RS256'], $def->getArgument(0)->getArgument(0));
+    }
+
+    public function testAccessTokenOidcUserInfoWithDiscovery()
+    {
+        if ('xml' === $this->getFileExtension()) {
+            $this->markTestSkipped('OIDC user info discovery is not supported by the XML schema.');
+        }
+        $container = $this->getContainer('access_token_oidc_user_info_discovery');
+
+        $this->assertTrue($container->hasDefinition('security.authenticator.access_token.firewall1'));
+        $this->assertTrue($container->hasDefinition('security.access_token_handler.firewall1'));
+    }
+
     protected function getContainer($file)
     {
         $file .= '.'.$this->getFileExtension();
diff --git a/Tests/DependencyInjection/Fixtures/php/access_token_oidc.php b/Tests/DependencyInjection/Fixtures/php/access_token_oidc.php
new file mode 100644
index 00000000..b4631c4b
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/php/access_token_oidc.php
@@ -0,0 +1,25 @@
+<?php
+
+$container->loadFromExtension('security', [
+    'providers' => [
+        'default' => [
+            'memory' => null,
+        ],
+    ],
+    'firewalls' => [
+        'firewall1' => [
+            'provider' => 'default',
+            'access_token' => [
+                'token_handler' => [
+                    'oidc' => [
+                        'algorithms' => ['RS256'],
+                        'issuers' => ['https://www.example.com'],
+                        'audience' => 'audience',
+                        'keyset' => '{"keys":[{"kty":"RSA","n":"abc","e":"AQAB"}]}',
+                    ],
+                ],
+            ],
+        ],
+    ],
+]);
+
diff --git a/Tests/DependencyInjection/Fixtures/php/access_token_oidc_encryption.php b/Tests/DependencyInjection/Fixtures/php/access_token_oidc_encryption.php
new file mode 100644
index 00000000..65bb9479
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/php/access_token_oidc_encryption.php
@@ -0,0 +1,30 @@
+<?php
+
+$container->loadFromExtension('security', [
+    'providers' => [
+        'default' => [
+            'memory' => null,
+        ],
+    ],
+    'firewalls' => [
+        'firewall1' => [
+            'provider' => 'default',
+            'access_token' => [
+                'token_handler' => [
+                    'oidc' => [
+                        'algorithms' => ['RS256'],
+                        'issuers' => ['https://www.example.com'],
+                        'audience' => 'audience',
+                        'keyset' => '{"keys":[{"kty":"RSA","n":"abc","e":"AQAB"}]}',
+                        'encryption' => [
+                            'enabled' => true,
+                            'keyset' => '{"keys":[{"kty":"RSA","n":"abc","e":"AQAB","d":"def"}]}',
+                            'algorithms' => ['RSA-OAEP'],
+                        ],
+                    ],
+                ],
+            ],
+        ],
+    ],
+]);
+
diff --git a/Tests/DependencyInjection/Fixtures/php/access_token_oidc_user_info_discovery.php b/Tests/DependencyInjection/Fixtures/php/access_token_oidc_user_info_discovery.php
new file mode 100644
index 00000000..f01b7263
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/php/access_token_oidc_user_info_discovery.php
@@ -0,0 +1,27 @@
+<?php
+
+$container->loadFromExtension('security', [
+    'providers' => [
+        'default' => [
+            'memory' => null,
+        ],
+    ],
+    'firewalls' => [
+        'firewall1' => [
+            'provider' => 'default',
+            'access_token' => [
+                'token_handler' => [
+                    'oidc_user_info' => [
+                        'base_uri' => 'https://www.example.com/realms/demo/protocol/openid-connect/userinfo',
+                        'discovery' => [
+                            'cache' => [
+                                'id' => 'oidc_cache',
+                            ],
+                        ],
+                    ],
+                ],
+            ],
+        ],
+    ],
+]);
+
diff --git a/Tests/DependencyInjection/Fixtures/xml/access_token_oidc.xml b/Tests/DependencyInjection/Fixtures/xml/access_token_oidc.xml
new file mode 100644
index 00000000..2b197ae4
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/xml/access_token_oidc.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<container xmlns="http://symfony.com/schema/dic/services"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
+                               http://symfony.com/schema/dic/security http://symfony.com/schema/dic/security/security-1.0.xsd">
+
+    <config xmlns="http://symfony.com/schema/dic/security">
+        <provider name="default">
+            <memory>
+                <user identifier="u" password="p" roles="ROLE_USER" />
+            </memory>
+        </provider>
+        <firewall name="firewall1" provider="default">
+            <access-token>
+                <token-handler>
+                    <oidc audience="audience" keyset='{"keys":[{"kty":"RSA","n":"abc","e":"AQAB"}]}' >
+                        <issuer>https://www.example.com</issuer>
+                        <algorithm>RS256</algorithm>
+                    </oidc>
+                </token-handler>
+            </access-token>
+        </firewall>
+    </config>
+</container>
+
diff --git a/Tests/DependencyInjection/Fixtures/xml/access_token_oidc_encryption.xml b/Tests/DependencyInjection/Fixtures/xml/access_token_oidc_encryption.xml
new file mode 100644
index 00000000..d21da9ca
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/xml/access_token_oidc_encryption.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<container xmlns="http://symfony.com/schema/dic/services"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
+                               http://symfony.com/schema/dic/security http://symfony.com/schema/dic/security/security-1.0.xsd">
+
+    <config xmlns="http://symfony.com/schema/dic/security">
+        <provider name="default">
+            <memory>
+                <user identifier="u" password="p" roles="ROLE_USER" />
+            </memory>
+        </provider>
+        <firewall name="firewall1" provider="default">
+            <access-token>
+                <token-handler>
+                    <oidc audience="audience" keyset='{"keys":[{"kty":"RSA","n":"abc","e":"AQAB"}]}' >
+                        <issuer>https://www.example.com</issuer>
+                        <algorithm>RS256</algorithm>
+                        <encryption enforce="true" keyset='{"keys":[{"kty":"RSA","n":"abc","e":"AQAB","d":"def"}]}' >
+                            <algorithm>RSA-OAEP</algorithm>
+                        </encryption>
+                    </oidc>
+                </token-handler>
+            </access-token>
+        </firewall>
+    </config>
+</container>
+
diff --git a/Tests/DependencyInjection/Fixtures/xml/access_token_oidc_user_info_discovery.xml b/Tests/DependencyInjection/Fixtures/xml/access_token_oidc_user_info_discovery.xml
new file mode 100644
index 00000000..91874379
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/xml/access_token_oidc_user_info_discovery.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<container xmlns="http://symfony.com/schema/dic/services"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
+                               http://symfony.com/schema/dic/security http://symfony.com/schema/dic/security/security-1.0.xsd">
+
+    <config xmlns="http://symfony.com/schema/dic/security">
+        <provider name="default">
+            <memory>
+                <user identifier="u" password="p" roles="ROLE_USER" />
+            </memory>
+        </provider>
+        <firewall name="firewall1" provider="default">
+            <access-token>
+                <token-handler>
+                    <oidc-user-info base-uri="https://www.example.com/realms/demo/protocol/openid-connect/userinfo" />
+                    <token-handler>
+                        <oidc-user-info>
+                            <discovery>
+                                <cache id="oidc_cache" />
+                            </discovery>
+                        </oidc-user-info>
+                    </token-handler>
+                </token-handler>
+            </access-token>
+        </firewall>
+    </config>
+</container>
+
diff --git a/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml b/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml
index 3dc2c685..133de4f8 100644
--- a/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/argon2i_hasher.xml
@@ -13,7 +13,7 @@
     </imports>
 
     <sec:config>
-        <sec:password_hasher class="JMS\FooBundle\Entity\User7" algorithm="argon2i" memory-cost="256" time-cost="1" />
+        <sec:password-hasher class="JMS\FooBundle\Entity\User7" algorithm="argon2i" memory-cost="256" time-cost="1" />
     </sec:config>
 
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml b/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml
index d4c5d3de..0e790e25 100644
--- a/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/bcrypt_hasher.xml
@@ -13,7 +13,7 @@
     </imports>
 
     <sec:config>
-        <sec:password_hasher class="JMS\FooBundle\Entity\User7" algorithm="bcrypt" cost="15" />
+        <sec:password-hasher class="JMS\FooBundle\Entity\User7" algorithm="bcrypt" cost="15" />
     </sec:config>
 
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/xml/container1.xml b/Tests/DependencyInjection/Fixtures/xml/container1.xml
index f54c5064..fb5080de 100644
--- a/Tests/DependencyInjection/Fixtures/xml/container1.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/container1.xml
@@ -9,19 +9,19 @@
         https://symfony.com/schema/dic/security/security-1.0.xsd">
 
     <config>
-        <password_hasher class="JMS\FooBundle\Entity\User1" algorithm="plaintext" />
+        <password-hasher class="JMS\FooBundle\Entity\User1" algorithm="plaintext" />
 
-        <password_hasher class="JMS\FooBundle\Entity\User2" algorithm="sha1" encode-as-base64="false" iterations="5" />
+        <password-hasher class="JMS\FooBundle\Entity\User2" algorithm="sha1" encode-as-base64="false" iterations="5" />
 
-        <password_hasher class="JMS\FooBundle\Entity\User3" algorithm="md5" />
+        <password-hasher class="JMS\FooBundle\Entity\User3" algorithm="md5" />
 
-        <password_hasher class="JMS\FooBundle\Entity\User4" id="security.hasher.foo" />
+        <password-hasher class="JMS\FooBundle\Entity\User4" id="security.hasher.foo" />
 
-        <password_hasher class="JMS\FooBundle\Entity\User5" algorithm="pbkdf2" hash-algorithm="sha1" encode-as-base64="false" iterations="5" key-length="30" />
+        <password-hasher class="JMS\FooBundle\Entity\User5" algorithm="pbkdf2" hash-algorithm="sha1" encode-as-base64="false" iterations="5" key-length="30" />
 
-        <password_hasher class="JMS\FooBundle\Entity\User6" algorithm="native" time-cost="8" memory-cost="100" cost="15" />
+        <password-hasher class="JMS\FooBundle\Entity\User6" algorithm="native" time-cost="8" memory-cost="100" cost="15" />
 
-        <password_hasher class="JMS\FooBundle\Entity\User7" algorithm="auto" />
+        <password-hasher class="JMS\FooBundle\Entity\User7" algorithm="auto" />
 
         <provider name="default">
             <memory>
diff --git a/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml b/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml
index e2f0e986..37e0b8af 100644
--- a/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/firewall_provider.xml
@@ -9,15 +9,11 @@
         https://symfony.com/schema/dic/security/security-1.0.xsd">
 
     <sec:config>
-        <sec:providers>
-            <sec:provider name="with-dash" id="foo" />
-        </sec:providers>
+        <sec:provider name="with-dash" id="foo" />
 
-        <sec:firewalls>
-            <sec:firewall name="main" provider="with-dash">
-                <sec:form-login />
-            </sec:firewall>
-        </sec:firewalls>
+        <sec:firewall name="main" provider="with-dash">
+            <sec:form-login />
+        </sec:firewall>
     </sec:config>
 
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml b/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml
index e7f3e687..c1b51373 100644
--- a/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/firewall_undefined_provider.xml
@@ -9,15 +9,11 @@
         https://symfony.com/schema/dic/security/security-1.0.xsd">
 
     <sec:config>
-        <sec:providers>
-            <sec:provider name="default" id="foo" />
-        </sec:providers>
+        <sec:provider name="default" id="foo" />
 
-        <sec:firewalls>
-            <sec:firewall name="main" provider="undefined">
-                <sec:form-login />
-            </sec:firewall>
-        </sec:firewalls>
+        <sec:firewall name="main" provider="undefined">
+            <sec:form-login />
+        </sec:firewall>
     </sec:config>
 
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml b/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml
index 462136c6..6d5e7149 100644
--- a/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/listener_provider.xml
@@ -9,15 +9,11 @@
         https://symfony.com/schema/dic/security/security-1.0.xsd">
 
     <sec:config>
-        <sec:providers>
-            <sec:provider name="default" id="foo" />
-        </sec:providers>
+        <sec:provider name="default" id="foo" />
 
-        <sec:firewalls>
-            <sec:firewall name="main">
-                <sec:form-login provider="default" />
-            </sec:firewall>
-        </sec:firewalls>
+        <sec:firewall name="main">
+            <sec:form-login provider="default" />
+        </sec:firewall>
     </sec:config>
 
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml b/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml
index cb82f2cc..0cd1ab6d 100644
--- a/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/listener_undefined_provider.xml
@@ -9,15 +9,11 @@
         https://symfony.com/schema/dic/security/security-1.0.xsd">
 
     <sec:config>
-        <sec:providers>
-            <sec:provider name="default" id="foo" />
-        </sec:providers>
+        <sec:provider name="default" id="foo" />
 
-        <sec:firewalls>
-            <sec:firewall name="main">
-                <sec:form-login provider="undefined" />
-            </sec:firewall>
-        </sec:firewalls>
+        <sec:firewall name="main">
+            <sec:form-login provider="undefined" />
+        </sec:firewall>
     </sec:config>
 
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml b/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml
index a4a9d201..110868de 100644
--- a/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/migrating_hasher.xml
@@ -13,9 +13,9 @@
     </imports>
 
     <sec:config>
-        <sec:password_hasher class="JMS\FooBundle\Entity\User7" algorithm="argon2i" memory-cost="256" time-cost="1">
+        <sec:password-hasher class="JMS\FooBundle\Entity\User7" algorithm="argon2i" memory-cost="256" time-cost="1">
             <sec:migrate-from>bcrypt</sec:migrate-from>
-        </sec:password_hasher>
+        </sec:password-hasher>
     </sec:config>
 
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml b/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml
index 767397ad..e051ce22 100644
--- a/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/remember_me_options.xml
@@ -9,9 +9,7 @@
     https://symfony.com/schema/dic/security/security-1.0.xsd">
 
     <sec:config>
-        <sec:providers>
-            <sec:provider name="default" id="foo"/>
-        </sec:providers>
+        <sec:provider name="default" id="foo"/>
         <sec:firewall name="main">
             <sec:form-login/>
             <sec:remember-me secret="TheSecret" catch-exceptions="false" token-provider="token_provider_id" />
diff --git a/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml b/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml
index fd5cacef..eb26969a 100644
--- a/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml
+++ b/Tests/DependencyInjection/Fixtures/xml/sodium_hasher.xml
@@ -13,7 +13,7 @@
     </imports>
 
     <sec:config>
-        <sec:password_hasher class="JMS\FooBundle\Entity\User7" algorithm="sodium" time-cost="8" memory-cost="131072" />
+        <sec:password-hasher class="JMS\FooBundle\Entity\User7" algorithm="sodium" time-cost="8" memory-cost="131072" />
     </sec:config>
 
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/yml/access_token_oidc.yml b/Tests/DependencyInjection/Fixtures/yml/access_token_oidc.yml
new file mode 100644
index 00000000..7da369de
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/yml/access_token_oidc.yml
@@ -0,0 +1,16 @@
+security:
+    providers:
+        default:
+            memory: ~
+
+    firewalls:
+        firewall1:
+            provider: default
+            access_token:
+                token_handler:
+                    oidc:
+                        algorithms: ['RS256']
+                        issuers: ['https://www.example.com']
+                        audience: 'audience'
+                        keyset: '{"keys":[{"kty":"RSA","n":"abc","e":"AQAB"}]}'
+
diff --git a/Tests/DependencyInjection/Fixtures/yml/access_token_oidc_encryption.yml b/Tests/DependencyInjection/Fixtures/yml/access_token_oidc_encryption.yml
new file mode 100644
index 00000000..956b33f4
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/yml/access_token_oidc_encryption.yml
@@ -0,0 +1,20 @@
+security:
+    providers:
+        default:
+            memory: ~
+
+    firewalls:
+        firewall1:
+            provider: default
+            access_token:
+                token_handler:
+                    oidc:
+                        algorithms: ['RS256']
+                        issuers: ['https://www.example.com']
+                        audience: 'audience'
+                        keyset: '{"keys":[{"kty":"RSA","n":"abc","e":"AQAB"}]}'
+                        encryption:
+                            enabled: true
+                            keyset: '{"keys":[{"kty":"RSA","n":"abc","e":"AQAB","d":"def"}]}'
+                            algorithms: ['RSA-OAEP']
+
diff --git a/Tests/DependencyInjection/Fixtures/yml/access_token_oidc_user_info_discovery.yml b/Tests/DependencyInjection/Fixtures/yml/access_token_oidc_user_info_discovery.yml
new file mode 100644
index 00000000..62e80d8d
--- /dev/null
+++ b/Tests/DependencyInjection/Fixtures/yml/access_token_oidc_user_info_discovery.yml
@@ -0,0 +1,16 @@
+security:
+    providers:
+        default:
+            memory: ~
+
+    firewalls:
+        firewall1:
+            provider: default
+            access_token:
+                token_handler:
+                    oidc_user_info:
+                        base_uri: 'https://www.example.com/realms/demo/protocol/openid-connect/userinfo'
+                        discovery:
+                            cache:
+                                id: 'oidc_cache'
+

From b83773107a5b83a5507df9e88bd50d495f6e8b72 Mon Sep 17 00:00:00 2001
From: Damien Fernandes <damien.fernandes24@gmail.com>
Date: Mon, 22 Sep 2025 17:03:07 +0200
Subject: [PATCH 4/4] [SecurityBundle] Remove legacy parameter in
 SecurityDataCollectorTest

---
 .../SecurityDataCollectorTest.php             | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/Tests/DataCollector/SecurityDataCollectorTest.php b/Tests/DataCollector/SecurityDataCollectorTest.php
index c74200e1..650245b5 100644
--- a/Tests/DataCollector/SecurityDataCollectorTest.php
+++ b/Tests/DataCollector/SecurityDataCollectorTest.php
@@ -40,7 +40,7 @@ class SecurityDataCollectorTest extends TestCase
 {
     public function testCollectWhenSecurityIsDisabled()
     {
-        $collector = new SecurityDataCollector(null, null, null, null, null, null, true);
+        $collector = new SecurityDataCollector(null, null, null, null, null, null);
         $collector->collect(new Request(), new Response());
 
         $this->assertSame('security', $collector->getName());
@@ -60,7 +60,7 @@ public function testCollectWhenSecurityIsDisabled()
     public function testCollectWhenAuthenticationTokenIsNull()
     {
         $tokenStorage = new TokenStorage();
-        $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null, true);
+        $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null);
         $collector->collect(new Request(), new Response());
 
         $this->assertTrue($collector->isEnabled());
@@ -82,7 +82,7 @@ public function testCollectAuthenticationTokenAndRoles(array $roles, array $norm
         $tokenStorage = new TokenStorage();
         $tokenStorage->setToken(new UsernamePasswordToken(new InMemoryUser('hhamon', 'P4$$w0rD', $roles), 'provider', $roles));
 
-        $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null, true);
+        $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null);
         $collector->collect(new Request(), new Response());
         $collector->lateCollect();
 
@@ -105,7 +105,7 @@ public function testCollectSwitchUserToken()
         $tokenStorage = new TokenStorage();
         $tokenStorage->setToken(new SwitchUserToken(new InMemoryUser('hhamon', 'P4$$w0rD', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN']), 'provider', ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'], $adminToken));
 
-        $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null, true);
+        $collector = new SecurityDataCollector($tokenStorage, $this->getRoleHierarchy(), null, null, null, null);
         $collector->collect(new Request(), new Response());
         $collector->lateCollect();
 
@@ -135,7 +135,7 @@ public function testGetFirewall()
             ->with($request)
             ->willReturn($firewallConfig);
 
-        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()), true);
+        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()));
         $collector->collect($request, new Response());
         $collector->lateCollect();
         $collected = $collector->getFirewall();
@@ -159,7 +159,7 @@ public function testGetFirewallReturnsNull()
         $response = new Response();
 
         // Don't inject any firewall map
-        $collector = new SecurityDataCollector(null, null, null, null, null, null, true);
+        $collector = new SecurityDataCollector(null, null, null, null, null, null);
         $collector->collect($request, $response);
         $this->assertNull($collector->getFirewall());
 
@@ -169,7 +169,7 @@ public function testGetFirewallReturnsNull()
             ->disableOriginalConstructor()
             ->getMock();
 
-        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()), true);
+        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()));
         $collector->collect($request, $response);
         $this->assertNull($collector->getFirewall());
 
@@ -179,7 +179,7 @@ public function testGetFirewallReturnsNull()
             ->disableOriginalConstructor()
             ->getMock();
 
-        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()), true);
+        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator()));
         $collector->collect($request, $response);
         $this->assertNull($collector->getFirewall());
     }
@@ -213,7 +213,7 @@ public function testGetListeners()
         $firewall = new TraceableFirewallListener($firewallMap, new EventDispatcher(), new LogoutUrlGenerator());
         $firewall->onKernelRequest($event);
 
-        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, $firewall, true);
+        $collector = new SecurityDataCollector(null, null, null, null, $firewallMap, $firewall);
         $collector->collect($request, $response);
 
         $this->assertNotEmpty($collected = $collector->getListeners()[0]);
@@ -260,7 +260,7 @@ public function dispatch(object $event, ?string $eventName = null): object
                 ],
             ]]);
 
-        $dataCollector = new SecurityDataCollector(null, null, null, $accessDecisionManager, null, null, true);
+        $dataCollector = new SecurityDataCollector(null, null, null, $accessDecisionManager, null, null);
 
         $dataCollector->collect(new Request(), new Response());
 
@@ -348,7 +348,7 @@ public function dispatch(object $event, ?string $eventName = null): object
                 ],
             ]);
 
-        $dataCollector = new SecurityDataCollector(null, null, null, $accessDecisionManager, null, null, true);
+        $dataCollector = new SecurityDataCollector(null, null, null, $accessDecisionManager, null, null);
 
         $dataCollector->collect(new Request(), new Response());
 
@@ -420,7 +420,7 @@ public function testGetVotersIfAccessDecisionManagerHasNoVoters()
                 'voterDetails' => [],
             ]]);
 
-        $dataCollector = new SecurityDataCollector(null, null, null, $accessDecisionManager, null, null, true);
+        $dataCollector = new SecurityDataCollector(null, null, null, $accessDecisionManager, null, null);
 
         $dataCollector->collect(new Request(), new Response());