repository->findOneBy(['token' => $accessToken])) { throw new BadCredentialsException('Invalid credentials.'); } if($token->getDeletedAt() || ( $token->getExpiresAt() && $token->getExpiresAt() <= new \DateTime() ) ) { throw new CredentialsExpiredException('Token expired.'); } // and return a UserBadge object containing the user identifier from the found token return new UserBadge($token->getOwner()->getId(), function() use($token){ return $token->getOwner(); }); } }