[Flow] Policy.yaml - Could not authenticate any token

Bastian Waidelich bastian at typo3.org
Tue Jun 2 14:08:37 CEST 2015 

On 01.06.15, at 14:11, Stefan Bruggmann wrote:

Hi Stefan,

> I wanted to implement some async notification functions, but gets errors
> if I'm trying to restrict these notifications to Neos User.. ;)
> The source:
> https://github.com/sbruggmann/WebExcess.Notifications/tree/develop

Nice feature! ;)

> A JS-Interval requests the defined Route and executes the returned JS-Code.
> [...] Ends in the error:
>
> Might be missing or wrong credentials or no authentication provider
> matched [...]

One feature of Flows Security Framework is that multiple accounts can be 
authenticated at the same time. In order to define which authentication 
provider should be involved, those can be bound to so called 
"RequestPatterns"[1].

The error message basically tells you that none of the configured 
request patterns match the request.

Tip: To see at a glance which providers & patterns are configured, you 
can use the "configuration:show" CLI command:
./flow configuration:show --type Settings --path 
TYPO3.Flow.security.authentication.providers


By default TYPO3.Neos comes with a pre-configured authentication 
provider called "Typo3BackendProvider" that only matches requests to the 
Neos controllers: 
'TYPO3\Neos\Controller\.*|TYPO3\Neos\Service\.*|TYPO3\Media\Controller\.*' 
[2]

If you include your controller to that pattern in your packages 
Settings.yaml, everything should work as expected:

TYPO3:
   Flow:
     security:
       authentication:
         providers:
           'Typo3BackendProvider':
             requestPatterns:
               controllerObjectName: 
'TYPO3\Neos\Controller\.*|TYPO3\Neos\Service\.*|TYPO3\Media\Controller\.*|WebExcess\Notifications\Controller\NotificationController'

Just make sure that the package dependencies are correct so that your 
package settings actually override those of the TYPO3.Neos package.


HTH

[1] 
http://docs.typo3.org/flow/TYPO3FlowDocumentation/latest/TheDefinitiveGuide/PartIII/Security.html#request-patterns

[2] 
https://git.typo3.org/Packages/TYPO3.Neos.git/blob/HEAD:/Configuration/Settings.yaml#l24


-- 
Bastian Waidelich

More information about the Flow mailing list