Pass TwoFactorTokenInterface to PreferredProviderInterface #212

Closed
danielburger1337 opened this issue Dec 31, 2023 · 1 comment

@danielburger1337
Contributor

It would be helpful to pass the current token context to the PreferredProviderInterface::getPreferredTwoFactorProvider() method so that we can make decisions on what provider should be preferred when the preferred one is unavailable.

My use case is that I have a custom passkey provider and I also allow users to sign in with a passkey. Through a token attribute which I check in my TwoFactorProvider, I disable passkey support for users that originally authenticated with the passkey.

When passkey is the user's preferred two factor provider and now the provider is blocked, the default provider order is used.

This is kinda suboptimal because "email" is before "totp" and will send an email on request. It would be better to then fall back to the TOTP provider so that a potentially unnecessary email is not sent.

An alternative would be to somehow allow configuring the order of providers, but that would require an extensive change to the codebase.

@scheb
Owner

scheb commented Jan 6, 2024

Can't just change this, because it's a breaking change.

In my opinion, the interface should stay as simple as possible, since it's meant to be implemented in the user entity and return the user's preference. It's not really meant to contain a lot of complex business code.

The better solution would probably be to extract this piece of code

```php
private function setPreferredProvider(TwoFactorTokenInterface $token, object $user): void
{
    // Only users that expose a preference are considered
    if (!($user instanceof PreferredProviderInterface)) {
        return;
    }

    $preferredProvider = $user->getPreferredTwoFactorProvider();
    if (!$preferredProvider) {
        return;
    }

    try {
        $token->preferTwoFactorProvider($preferredProvider);
    } catch (UnknownTwoFactorProviderException) {
        // Bad user input
    }
}
```
into a service, which can be overwritten via config for the case when you'd need to inject your own custom logic.
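
A sketch of what such a replaceable service could look like for the passkey case described in this issue. It is an added example, not code from the bundle or from either commenter. `TokenStandIn` and `FallbackPreferredProviderSetter` are hypothetical names, and the example assumes that a provider blocked for the current login does not appear in the token's provider list.

```php
<?php
declare(strict_types=1);

// Stand-in for the two token methods this sketch relies on (assumed to mirror
// getTwoFactorProviders() / preferTwoFactorProvider() on the bundle's token).
interface TokenStandIn
{
    /** @return string[] providers active for this login, in default order */
    public function getTwoFactorProviders(): array;
    public function preferTwoFactorProvider(string $provider): void;
}

// Hypothetical service: user's preference first, then a configured fallback
// order, considering only providers that are active on the current token.
final class FallbackPreferredProviderSetter
{
    /** @param string[] $fallbackOrder e.g. ['totp', 'email'] */
    public function __construct(private array $fallbackOrder) {}

    public function setPreferredProvider(TokenStandIn $token, ?string $userPreference): ?string
    {
        $active = $token->getTwoFactorProviders();
        $candidates = array_merge($userPreference !== null ? [$userPreference] : [], $this->fallbackOrder);
        foreach ($candidates as $candidate) {
            if (in_array($candidate, $active, true)) {
                $token->preferTwoFactorProvider($candidate);
                return $candidate;
            }
        }
        return null; // nothing matched: the token keeps its default order
    }
}

// Constructed scenario: the user signed in with a passkey, so the passkey
// provider is not offered as a second factor; default order puts email first.
$token = new class implements TokenStandIn {
    private array $providers = ['email', 'totp'];
    public function getTwoFactorProviders(): array { return $this->providers; }
    public function preferTwoFactorProvider(string $provider): void
    {
        // Move the chosen provider to the front, keep the rest in order.
        $this->providers = array_values(array_unique(array_merge([$provider], $this->providers)));
    }
};

$setter = new FallbackPreferredProviderSetter(['totp', 'email']);
echo $setter->setPreferredProvider($token, 'passkey'), PHP_EOL; // provider chosen
echo implode(',', $token->getTwoFactorProviders()), PHP_EOL;     // resulting order
```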
