I am using Basic Auth in my API (Silex), an endpoint receives user+pw from client, validates the user via basic auth and then returns the token to be used for further requests. Now when my app makes an AJAX call, if the credentials are right, everything works smooth. If the credentials are wrong, the API returns a 401 and a set WWW-Authenticate header. This causes the browsers to automatically show the default browser login form.
I don't want that to happen. In StackOverflow, they say the only two solutions are to either return a 400 instead of a 401, or to change the WWW-Authenticate header to something like 'FormBased'.
Both the statusCode is set to 401 and the WWW-Authenticate to "Basic ..." in the BasicAuthenticationEntryPoint.php in the Security Component.
If I apply the changes there, it works... but I need to have that as part of my project ofc... How should I overwrite Symfony\Component\Security\Http\EntryPoint\BasicAuthenticationEntryPoint.php to adapt it to my needs? any idea if there's a workaround? I understand this should be a very common problem, how is it generally solved?
Ok so here's what I did in case someone wonders:
First in my Security folder, I created my own version of the BasicAuthenticationEntryPoint.php
Note that I did two things:
Second, I defined the service in my Silex Application like so:
'main' being my firewall name.
Obviously, I also added the use at the top of the Application.php: