This is mostly for myself as a reminder, as the info is scattered to hell wont have it, because that is the dysfunctional symfony way. The most frustrating part of Symfony is Authentication because the information is scattered all over between articles, symfonycasts etc. just all over, like you couldn’t scatter it more all over, all, all over like a unicorn farting out rainbow sprinkles.You won’t find shittier documentation on any subject anywhere on the internet.
There are two versions of authentication an old one and a new one. The old one uses Authentication providers the new one users just Authetincators. No one but the authors of Symfony know WTF the difference is though.
Note : to add confusion Symfony refers to what you usually call Sessions as Tokens FFS.
First off a list of files involved in the login process :
- The login form obviously app/templates/security/login.html.twig
- A security controller app/src/Controller/SecurityController.php
- A user Provider aka the User entity class app/src/Entity/User.php
- An Authenticator app/src/Security/LoginFormAuthenticator.php
When a user requests /login Symfony first calls LoginFormAuthenticator.php to check to see if the user is logged in/authenticated so the work is not done in the controller like most other actions. To change, add, remove anything from the authentication process you make changes in the LoginFormAuthenticator.php methods.
There is a new experimental Authentication system it still uses authenticators but a slightly different process.
This authenticator is listed in the app/config/packages/security.yaml file under firewalls:main:guard:athenticators as
Every time a request is made the firewall will use the authenticator listed to try to authenticate the user. If authentication fails Symfony secretly behind the scenes tries other ways to authenticate the user as you can see in the image below.
As you can see in the image above Symfony will try your guard you listed in the configuration file, but it also tries it’s own secret list of default authenticators.
For information about the login form see this article in the scatterdocs. A little more info about the login form and process from the Symfony Spaghetti docs.