IDCI-Consulting · dearaujoj · Jan 25, 2026
diff --git a/Security/Authenticator/KeycloakAuthenticator.php b/Security/Authenticator/KeycloakAuthenticator.php
@@ -37,14 +37,16 @@ public function authenticate(Request $request): Passport
     {
         $client = $this->getKeycloakClient();
         $accessToken = $this->fetchAccessToken($client);
+        $keycloakUser = $client->fetchUserFromToken($accessToken);
+        $username = $keycloakUser->getPreferredUsername();
         if (null === $accessToken) {
             // The token header was empty, authentication fails with HTTP Status
             // Code 401 "Unauthorized"
             throw new CustomUserMessageAuthenticationException('No access token provided');
         }
 
         return new SelfValidatingPassport(
-            new UserBadge($accessToken->getToken(), function() use ($accessToken) {
+            new UserBadge($username, function() use ($accessToken) {
                 return $this->userProvider->loadUserByIdentifier($accessToken);
             })
         );