do not overwrite already stored tokens (i.e. from the session)

stlrnz · stlrnz · commit 0c3278309b0f · 2021-11-10T11:44:45.000+01:00
diff --git a/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php b/src/Symfony/Component/Security/Http/Authenticator/AbstractPreAuthenticatedAuthenticator.php
@@ -59,6 +59,11 @@ abstract protected function extractUsername(Request $request): ?string;
 
     public function supports(Request $request): ?bool
     {
+        // do not overwrite already stored tokens (i.e. from the session)
+        if (null !== $this->tokenStorage->getToken()) {
+            return false;
+        }
+
         try {
             $username = $this->extractUsername($request);
         } catch (BadCredentialsException $e) {
