From 8460e85840ea2d19fea278c948faca6bdc146dd5 Mon Sep 17 00:00:00 2001
From: Christian Schaefer
Date: Mon, 14 Mar 2011 07:08:30 -0700
Subject: [PATCH 1/3] Instead of returning the last token provided return the first. In case of multiple supporting providers the authentication will be attempted several times. This happens with the current FacebookBundle for example but could happen with others too. The result was that the first provided token held all appropriate roles while a second one did not.
---
 .../Core/Authentication/AuthenticationProviderManager.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
index 1d85e87c67..2e8b535a05 100644
--- a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
+++ b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
@@ -59,6 +59,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
 try {
 $result = $provider->authenticate($token);
+ break;
 } catch (AccountStatusException $e) {
 $e->setExtraInformation($token);
From 87502fbb07b753971244df11b631f346ed1f7c32 Mon Sep 17 00:00:00 2001
From: Christian Schaefer
Date: Mon, 14 Mar 2011 09:38:51 -0700
Subject: [PATCH 2/3] Followed Johannes advice to only break when the resulting token is not null.
---
 .../Core/Authentication/AuthenticationProviderManager.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
index 2e8b535a05..a2b0104af1 100644
--- a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
+++ b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
@@ -59,7 +59,9 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
 try {
 $result = $provider->authenticate($token);
- break;
+ if (null != $result) {
+ break;
+ }
 } catch (AccountStatusException $e) {
 $e->setExtraInformation($token);
From a34f5588a30fd7544e63cf4191b367572a6aec80 Mon Sep 17 00:00:00 2001
From: Christian Schaefer
Date: Mon, 14 Mar 2011 09:39:40 -0700
Subject: [PATCH 3/3] more verbose checking
---
 .../Core/Authentication/AuthenticationProviderManager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
index a2b0104af1..3cc779e2f3 100644
--- a/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
+++ b/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php
@@ -59,7 +59,7 @@ class AuthenticationProviderManager implements AuthenticationManagerInterface
 try {
 $result = $provider->authenticate($token);
- if (null != $result) {
+ if (null !== $result) {
 break;
 }
 } catch (AccountStatusException $e) {
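Review bot: In the last hunk of the series (PATCH 3/3), the `break` on the first non-null `$result` makes provider order decide which token, and therefore which roles, the manager hands back, and nothing at that line says so. I would add a comment above the check, `// First provider that returns a token wins; later supporting providers are not consulted.`, because a provider registered earlier that grants fewer roles now shadows a later one. Each of the three patches touches only AuthenticationProviderManager.php, so the series carries no regression test with two supporting providers that asserts the first token is returned and the second provider is never asked to authenticate. The `try` block and the loop around it begin and end outside the hunk, so what happens to `$result` after the loop is not visible here.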