2 files changed, 9 insertions, 1 deletions

diff --git a/Guard/GuardAuthenticatorInterface.php b/Guard/GuardAuthenticatorInterface.php
index dba8d09..f6405e9 100644
--- a/Guard/GuardAuthenticatorInterface.php
+++ b/Guard/GuardAuthenticatorInterface.php
@@ -8,6 +8,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 
 /**
@@ -67,7 +68,7 @@ interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface
      * @see AbstractGuardAuthenticator
      * @param UserInterface $user
      * @param string $providerKey The provider (i.e. firewall) key
-     * @return TokenInterface
+     * @return GuardTokenInterface
      */
     public function createAuthenticatedToken(UserInterface $user, $providerKey);
 
diff --git a/Guard/Provider/GuardAuthenticationProvider.php b/Guard/Provider/GuardAuthenticationProvider.php
index aa9a78d..524d7fe 100644
--- a/Guard/Provider/GuardAuthenticationProvider.php
+++ b/Guard/Provider/GuardAuthenticationProvider.php
@@ -65,6 +65,13 @@ class GuardAuthenticationProvider implements AuthenticationProviderInterface
              * we will return an AnonymousToken to accomplish that.
              */
 
+            // this should never happen - but technically, the token is
+            // authenticated... so it could jsut be returned
+            if ($token->isAuthenticated()) {
+                return $token;
+            }
+
+            // cause the logout - the token is not authenticated
             return new AnonymousToken($this->providerKey, 'anon.');
         }