Black Friday 2022 Offers 30% discount in SymfonyInsight yearly business plan (offer ends today)


Edit this page


This bundle provides two-factor authentication (2FA) for Symfony applications.

SchebTwoFactorBundle Logo

The Authentication Process with Two-Factor Authentication

What changes when you add two-factor authentication to your application?

The bundle hooks into the security layer and listens for authentication events. When a user login appears and the user has two-factor authentication enabled, access and privileges are temporarily withheld, putting the authentication status into an intermediate state. The user is challenged to enter a valid two-factor authentication code. Only when that code is entered correctly, the associated roles are granted.

Authentication process

To represent the state between login and a valid two-factor code being entered, the bundle introduces the role-like attribute IS_AUTHENTICATED_2FA_IN_PROGRESS, which can be used in is_granted() calls. IS_AUTHENTICATED_FULLY is – just like roles – withheld until the two-factor authentication step has been completed successfully.


Want to contribute to this project? See in the repository.


For information about the security policy and know security issues, see in the repository.


SchebTwoFactorBundle is available under the MIT license.

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.