Since Symfony 4.0 getCredentials() responsibilities has been split into 2 methods:

// BEFORE
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
 
class TokenAuthenticator extends AbstractGuardAuthenticator
{
    public function getCredentials(Request $request)
    {
        if (!$token = $request->headers->get('X-AUTH-TOKEN')) {
            return null;
        }
 
        return ['token' => $token];
    }
}
 
// AFTER
class TokenAuthenticator extends AbstractGuardAuthenticator
{
    public function supports(Request $request)
    {
        return $request->headers->has('X-AUTH-TOKEN');
    }
 
    public function getCredentials(Request $request)
    {
        return ['token' => $request->headers->get('X-AUTH-TOKEN')];
    }
}