Built-in Symfony Events – this covers some of how events work in Symfony and the basic default events that fire with every request.
The HTTP kernel component – This gets to the core of Symfony and it’s event system. The kernel is driven by events. This also covers the basic flow of events that symfony follows when a request enters the system.
Authentication/Authorization these terms are often confused. Here I will clarify them.
Authentication — Login, proving who a user is one way or another. After a user is logged into a system a session cookie is usually created to re-authenticate the user so they don’t have to login every single page view.
Authorization — Can a user view or access something once Authenticated? Authorization includes things like administration panel access, viewing a users profile or post or media etc.
One thing you will want to do is view your current security settings to do so you use this command. php bin/console debug:config security
Old symfony cookbook security entry – This is an ancient link to nearly the very beginning of symfony. This explains the mechanics of the Symfony security system if you are like me and just want to know how the hell this functions so you can feel confident in the system and be able to diagnose and fix issues.
More on Security – this is another ancient link like above, it explains the system.
Symfony cast covering firewall and authentication and how it works. This has lots of info that should be directly in the documentation.
Security configuration reference -> not complete listing of some of the values you can set. If you run the debug:config command above you will see more values you can set, but good luck figuring out what they do.
How to restrict firewalls to a request -> symfony docs. This talks about using multiple firewalls and how the Symfony firewall system works like a waterfall trying one firewall after another until it finds one that works or uses the last firewall listed. This also explains some of the options to the firewall. This basically shows how to use multiple firewalls.
Symfony cast about security – this covers the entire system. Some things have changed in version 5 but this is mostly correct and serves as a starting point.
Security user providers – Part of the Firewall/Authentication/Authorization system is something called security providers. User providers check the users identity from a session cookie to verify the user. This part of the documentation talks about how the firewall uses the User providers to authenticate the user after they have logged in.