Deny access to app if user is deleted

config/packages/security.yaml

@@ -36,6 +36,7 @@ security:
             stateless: true
             oauth2: true
         main:
+            user_checker: App\Security\UserChecker
             lazy: true
             provider: app_user_provider
             form_login:

src/Security/UserChecker.php

@@ -0,0 +1,23 @@
+<?php
+// src/Security/UserChecker.php
+namespace App\Security;
+
+use Symfony\Component\Security\Core\User\UserCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
+
+class UserChecker implements UserCheckerInterface
+{
+    public function checkPreAuth(UserInterface $user): void
+    {
+        // runs before password is checked
+    }
+
+    public function checkPostAuth(UserInterface $user): void
+    {
+        // runs after credentials are validated
+        if (method_exists($user, 'isDeleted') && $user->isDeleted()) {
+            throw new CustomUserMessageAccountStatusException('Votre compte a été supprimé.');
+        }
+    }
+}