From 69086ac1772b75cb79894f475d2f2c692edb04c5 Mon Sep 17 00:00:00 2001
From: Tomas <norkunas.tom@gmail.com>
Date: Fri, 24 Aug 2018 14:14:55 +0300
Subject: [PATCH] Fix wrong exception used in custom authentication provider
 example

---
 security/custom_authentication_provider.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/security/custom_authentication_provider.rst b/security/custom_authentication_provider.rst
index f1867d74256..916c339b432 100644
--- a/security/custom_authentication_provider.rst
+++ b/security/custom_authentication_provider.rst
@@ -206,7 +206,6 @@ the ``PasswordDigest`` header value matches with the user's password::
     use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
     use Symfony\Component\Security\Core\User\UserProviderInterface;
     use Symfony\Component\Security\Core\Exception\AuthenticationException;
-    use Symfony\Component\Security\Core\Exception\NonceExpiredException;
     use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
     use App\Security\Authentication\Token\WsseUserToken;
 
@@ -259,7 +258,9 @@ the ``PasswordDigest`` header value matches with the user's password::
             // Validate that the nonce is *not* in cache
             // if it is, this could be a replay attack
             if ($cacheItem->isHit()) {
-                throw new NonceExpiredException('Previously used nonce detected');
+                // In a real world application you should throw a custom
+                // exception extending the AuthenticationException
+                throw new AuthenticationException('Previously used nonce detected');
             }
 
             // Store the item in cache for 5 minutes