From b4bd380f250651e14e0509c4f51a2ce67aaec013 Mon Sep 17 00:00:00 2001
From: mscherer
Date: Fri, 18 Apr 2025 00:48:31 +0200
Subject: [PATCH] Fix design flaw in auth process.
---
 src/Middleware/AuthenticationMiddleware.php | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/src/Middleware/AuthenticationMiddleware.php b/src/Middleware/AuthenticationMiddleware.php
index e4ae26b9..7bcade06 100644
--- a/src/Middleware/AuthenticationMiddleware.php
+++ b/src/Middleware/AuthenticationMiddleware.php
@@ -85,6 +85,13 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 try {
 $result = $service->authenticate($request);
+ $authenticator = $service->getAuthenticationProvider();
+
+ if ($authenticator !== null && !$authenticator instanceof StatelessInterface) {
+ assert($result->getData() !== null);
+ $service->persistIdentity($request, new Response(), $result->getData());
+ }
+
 } catch (AuthenticationRequiredException $e) {
 $body = new Stream('php://memory', 'rw');
 $body->write($e->getBody());
@@ -104,16 +111,6 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 try {
 $response = $handler->handle($request);
- $authenticator = $service->getAuthenticationProvider();
-
- if ($authenticator !== null && !$authenticator instanceof StatelessInterface) {
- /**
- * @psalm-suppress PossiblyNullArgument
- * @phpstan-ignore-next-line
- */
- $return = $service->persistIdentity($request, $response, $result->getData());
- $response = $return['response'];
- }
 } catch (UnauthenticatedException $e) {
 $url = $service->getUnauthenticatedRedirectUrl($request);
 if ($url) {
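Review bot: The only guard on `$result->getData()` in the added block of the first hunk is `assert(...)`, which PHP skips when `zend.assertions` is disabled (the recommended production setting), so a null identity would then go straight into `persistIdentity()`; with assertions enabled, the resulting `AssertionError` is not covered by the `catch (AuthenticationRequiredException $e)` that follows. An explicit runtime check is safer, for example `$data = $result->getData();` followed by `if ($data !== null && $authenticator !== null && !$authenticator instanceof StatelessInterface) {`. Separately, the call now passes a throwaway `new Response()` and ignores the return value, whereas the code removed in the second hunk kept `$return['response']`; any authenticator that persists the identity by modifying the response (presumably cookie-based ones) would silently lose those changes, so this needs a comment stating the intent and a test covering that path. The body of `process()` starts and ends outside both hunks, so whether `$result` is checked for validity elsewhere cannot be confirmed from here.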