[SecurityBundle] Set translator in AccessTokenAuthenticator in Security bundle config

src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_access_token.php

@@ -42,6 +42,7 @@
                 null,
                 null,
             ])
+        ->call('setTranslator', [service('translator')->ignoreOnInvalid()])
 
         ->set('security.authenticator.access_token.chain_extractor', ChainAccessTokenExtractor::class)
             ->abstract()

src/Symfony/Component/Security/Http/Authenticator/AccessTokenAuthenticator.php

@@ -84,6 +84,9 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio
 
         if (null !== $this->translator) {
             $errorMessage = $this->translator->trans($exception->getMessageKey(), $exception->getMessageData(), 'security');
+            if (0 !== preg_match('/[^\x00-\x7F]/', $errorMessage)) {
+                $errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
+            }
         } else {
             $errorMessage = strtr($exception->getMessageKey(), $exception->getMessageData());
         }

src/Symfony/Component/Security/Http/Tests/Authenticator/AccessTokenAuthenticatorTest.php

@@ -13,6 +13,7 @@
 
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\InMemoryUserProvider;
@@ -22,6 +23,7 @@
 use Symfony\Component\Security\Http\Authenticator\AccessTokenAuthenticator;
 use Symfony\Component\Security\Http\Authenticator\FallbackUserLoader;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Contracts\Translation\TranslatorInterface;
 
 class AccessTokenAuthenticatorTest extends TestCase
 {
@@ -36,6 +38,77 @@ protected function setUp(): void
         $this->userProvider = new InMemoryUserProvider(['test' => ['password' => 's$cr$t']]);
     }
 
+    public function testOnAuthenticationFailureWithTranslatorTranslatesErrorMessage()
+    {
+        $request = Request::create('/test');
+
+        $this->accessTokenExtractor
+            ->expects($this->once())
+            ->method('extractAccessToken')
+            ->with($request)
+            ->willReturn(null);
+
+        $authenticator = new AccessTokenAuthenticator(
+            $this->accessTokenHandler,
+            $this->accessTokenExtractor,
+            $this->userProvider,
+        );
+
+        $translator = $this->createMock(TranslatorInterface::class);
+        $translator
+            ->expects($this->once())
+            ->method('trans')
+            ->with('Invalid credentials.')
+            ->willReturn('Credenciales invalidas.');
+
+        $authenticator->setTranslator($translator);
+
+        $response = null;
+        try {
+            $authenticator->authenticate($request);
+        } catch (BadCredentialsException $e) {
+            $response = $authenticator->onAuthenticationFailure($request, $e);
+        }
+        $this->assertInstanceOf(Response::class, $response);
+        $this->assertEquals('Bearer error="invalid_token",error_description="Credenciales invalidas."', $response->headers->get('WWW-Authenticate'));
+    }
+
+    public function testOnAuthenticationFailureWithTranslatorRevertsTranslationWhenTranslatedMessageContainsNonAscii()
+    {
+        $request = Request::create('/test');
+
+        $this->accessTokenExtractor
+            ->expects($this->once())
+            ->method('extractAccessToken')
+            ->with($request)
+            ->willReturn(null);
+
+        $authenticator = new AccessTokenAuthenticator(
+            $this->accessTokenHandler,
+            $this->accessTokenExtractor,
+            $this->userProvider,
+        );
+
+        $nonAsciiString = 'Credenciales inválidas.';
+        $translator = $this->createMock(TranslatorInterface::class);
+        $translator
+            ->expects($this->once())
+            ->method('trans')
+            ->with('Invalid credentials.')
+            ->willReturn($nonAsciiString);
+
+        $authenticator->setTranslator($translator);
+
+        $response = null;
+        try {
+            $authenticator->authenticate($request);
+        } catch (BadCredentialsException $e) {
+            $response = $authenticator->onAuthenticationFailure($request, $e);
+        }
+        $this->assertInstanceOf(Response::class, $response);
+        $this->assertEquals('Bearer error="invalid_token",error_description="Invalid credentials."', $response->headers->get('WWW-Authenticate'));
+    }
+
     public function testAuthenticateWithoutAccessToken()
     {
         $this->expectException(BadCredentialsException::class);