Table of Contents
This bundle provides two-factor authentication (2FA) for Symfony applications.
- Configuration Reference
- Trusted Devices
- Backup Codes
- Brute Force Protection
- CSRF Protection
- Troubleshooting (common issues)
- How to create a custom two-factor authenticator
- How to handle multiple activated authentication methods
- How to customize conditions when to require two-factor authentication
- How to configure two-factor authentication for an API
- How to create a custom persister
- How to use a different template per firewall
What changes when you add two-factor authentication to your application?
The bundle hocks into security layer and listens for authentication events. When a user login appears and the user has two-factor authentication enabled, access and privileges are temporarily withheld, putting the authentication status into an intermediate state. The user is challenged to enter a valid two-factor authentication code. Only when that code is entered correctly, the associated roles are granted.
To represent the state between login and a valid two-factor code being entered, the bundle introduces the role-like
IS_AUTHENTICATED_2FA_IN_PROGRESS, which can be used in
is – just like roles – withheld until the two-factor authentication step has been completed successfully.
For information about the security policy and know security issues, see SECURITY.md in the repository.