New in Symfony 2.8: Guard authentication component

November 4, 2015 · Published by Avatar of Javier Eguiluz Javier Eguiluz

Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.

Ryan Weaver

Contributed by
Ryan Weaver
in #14673.

The Symfony Security component is divided into two main parts: authentication and authorization. The authorization subsystem checks whether the user has permission to access the given resource. This system is related to roles and voters and is both powerful and simple to use.

The authentication subsystem checks the user identity through any of the supported methods: username + password, certificates, API tokens, etc. This subsystem is powerful and flexible, but lots of Symfony developers struggle with its complexity.

A new security-related component called Guard aims at simplifying the authentication subsystem. This radical new approach is based on creating just one PHP class that implements GuardAuthenticatorInterface. This interface defines the following seven methods:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
interface GuardAuthenticatorInterface
{
    /**
     * Get the authentication credentials from the request. If you return null,
     * authentication will be skipped.
     *
     * For example, for a form login, you might:
     *
     *      return array(
     *          'username' => $request->request->get('_username'),
     *          'password' => $request->request->get('_password'),
     *      );
     *
     * Or for an API token that's on a header, you might use:
     *
     *      return array('api_key' => $request->headers->get('X-API-TOKEN'));
     */
    public function getCredentials(Request $request);

    /**
     * Return a UserInterface object based on the credentials returned by getCredentials()
     */
    public function getUser($credentials, UserProviderInterface $userProvider);

    /**
     * Throw an AuthenticationException if the credentials returned by
     * getCredentials() are invalid.
     */
    public function checkCredentials($credentials, UserInterface $user);

    /**
     * Create an authenticated token for the given user. You can skip this
     * method by extending the AbstractGuardAuthenticator class from your
     * authenticator.
     */
    public function createAuthenticatedToken(UserInterface $user, $providerKey);

    /**
     * Called when authentication executed, but failed (e.g. wrong username password).
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception);

    /**
     * Called when authentication executed and was successful (for example a
     * RedirectResponse to the last page they visited)
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey);

    /**
     * Does this method support remember me cookies?
     */
    public function supportsRememberMe();
}

After implementing this interface you'll be able to authenticate users via login forms, Facebook, Twitter or any other OAuth-based service, API tokens, etc. Moreover, you'll be able to customize successful and failure behavior very easily.

Showing a complete example of the Guard component in action is beyond the purpose of this article, but you can read (and help us finish) the work in progress documentation of the component and its official tutorial.

Published in #Living on the edge

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Comments

Avatar of Mickaël Andrieu
Mickaël Andrieu said on Nov 4, 2015
Than you Ryan Weaver ! :)
Avatar of Dr. Balazs Tamas Zatik
Dr. Balazs Tamas Zatik said on Nov 4, 2015
Thank you very much Ryan! You did an awesome job. I'm looking forward to seeing Guard authentication in Symfony 2.8. :)
Avatar of Tito Miguel Costa
Tito Miguel Costa Certified said on Nov 4, 2015
Amazing improvement, keep up the great work.
Avatar of Piotr Gołębiewski
Piotr Gołębiewski said on Nov 4, 2015
Great news! Ryan, you're the man! :)
Avatar of Maxime Steinhausser
Maxime Steinhausser Certified said on Nov 4, 2015
This component is awesome. However, there is the same issue as for the PropertyAccess component: the "Code" links on the following pages:
- http://symfony.com/components
- http://symfony.com/components/Guard
are wrong ^^'

It should be https://github.com/symfony/security-guard
Avatar of Javier Eguiluz
Javier Eguiluz Certified said on Nov 4, 2015
@Maxime this should be fixed by now. I'll check it again.
Avatar of Malte Wunsch
Malte Wunsch Certified said on Nov 4, 2015
As one of the struggling developers, I think this looks a really really great. Thanks a lot!
Avatar of Alex Poltarjonok
Alex Poltarjonok said on Nov 5, 2015
Now add google or facebook became very simple! Very good job Ryan!
Avatar of Rui TEIXEIRA
Rui TEIXEIRA said on Nov 5, 2015
That's awesome !
Avatar of Jeremie Poirier
Jeremie Poirier said on Nov 5, 2015
Finally ! Great Job !
Avatar of Sébastien CAUMES
Sébastien CAUMES said on Nov 5, 2015
Very good initiative ! It seems easy to tests and very powerful
Avatar of Loïc Vernet
Loïc Vernet Certified said on Nov 5, 2015
Good, the full system system was too complicated for a basic use.
Avatar of Tomas Votruba
Tomas Votruba said on Nov 9, 2015
@Javier Eguiluz: The "guard" link seems still broken.
Avatar of Marek Pietrzak
Marek Pietrzak Certified said on Nov 13, 2015
Great work Ryan!
@Javier GuardAuthenticatorInterface extends from AuthenticationEntryPointInterface, so there is one more method to implement - start()
Avatar of putera kahfi
putera kahfi said on Dec 4, 2015
amazing, thanks ryan and symfony teams.

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.