From f473e059239da16045d0a187065c5f907d559d2c Mon Sep 17 00:00:00 2001
From: lacatoire <louis-arnaud.catoire@external.drivalia.com>
Date: Tue, 27 Jan 2026 15:19:15 +0100
Subject: [PATCH 1/2] [LoginLink] Document enum support in signature_properties

---
 security/login_link.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security/login_link.rst b/security/login_link.rst
index 3b3d37fcdd0..2a9446a22a1 100644
--- a/security/login_link.rst
+++ b/security/login_link.rst
@@ -405,6 +405,11 @@ The properties are fetched from the user object using the
     ``requestLoginLink()`` controller, you can invalidate all login links
     whenever a user requests a new link.
 
+.. versionadded:: 8.1
+
+    Signature properties can be enum values (both ``UnitEnum`` and backed enums).
+    Changing the enum case automatically invalidates existing login links.
+
 Configure a Maximum Use of a Link
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From 1de858a882fa5e336a1d182ae86419944cc5479d Mon Sep 17 00:00:00 2001
From: lacatoire <louis-arnaud.catoire@external.drivalia.com>
Date: Wed, 28 Jan 2026 15:17:33 +0100
Subject: [PATCH 2/2] add an example

---
 security/login_link.rst | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/security/login_link.rst b/security/login_link.rst
index 2a9446a22a1..9e6718b66ef 100644
--- a/security/login_link.rst
+++ b/security/login_link.rst
@@ -410,6 +410,34 @@ The properties are fetched from the user object using the
     Signature properties can be enum values (both ``UnitEnum`` and backed enums).
     Changing the enum case automatically invalidates existing login links.
 
+A common use case is to invalidate all existing login links when a user's
+security-related state changes (for example after requesting a password reset).
+
+For example, you can include an enum value in the signature properties::
+
+    enum LoginState: string
+    {
+        case ACTIVE = 'active';
+        case PASSWORD_RESET = 'password_reset';
+    }
+
+    class User
+    {
+        private LoginState $loginState;
+
+
+        public function getLoginLinkSignatureProperties(): array
+        {
+            return [
+                'login_state' => $this->loginState,
+            ];
+        }
+    }
+
+
+When the ``LoginState`` changes (e.g. from ``ACTIVE`` to ``PASSWORD_RESET``),
+all previously generated login links for that user become invalid automatically.
+
 Configure a Maximum Use of a Link
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~