Symfony 5 Security: Authenticators
Offered By: SymfonyCasts
Course Description
Overview
It's security time! Symfony 5.3 comes with a reimagined version of its security system and I ❤️ it! Yes, it's still super flexible & dependable. But the "guts" have been streamlined and simplified, making it easier to get your job done and giving you readable code if you need to dive into the core.
In this course, we'll go from an introduction to Symfony security to a full-blown application with users, permissions, custom voters and multiple ways to authenticate:
- Generating your User class with make:user
- Security & Firewall Fundamentals
- Creating a custom login form with an authenticator
- Passport object & Badges
- CSRF protection
- API token authentication system
- User Providers (why you need them, but don't care)
- Password Hashing
- Logging out!
- Protecting entire URLs with access_control(s)
- IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED, PUBLIC_ACCESS
- Checking access with roles! ROLE_USER
- Denying access in a controller
- Voters & Complex Permissions
- Role hierarchies
- Impersonation (switch_user)
- Login throttling
- Automatic Login (after Registration)
- Hooking into security with events!
- Two Factor Auth (2FA)!
So let's make:user & make:auth our way to... make:profit... or at least to a great security system!
Syllabus
- composer require security
- make:user
- Customizing the User Class
- Building a Login Form
- Firewalls & Authenticators
- Authenticator & The Passport
- Custom User Query & Credentials
- Authentication Success & Refreshing the User
- When Authentication Fails
- Customize Error Messages & Adding Logout
- Giving Users Passwords
- Hashing Plain Passwords & PasswordCredentials
- Security Listener System & Csrf Protection
- Remember Me System
- Always Remember Me & "signature_properties"
- Denying Access, access_control & Roles
- The Entry Point: Inviting Users to Log In
- AbstractLoginFormAuthenticator & Redirecting to Previous URL
- form_login: The Built-in Authenticator
- More form_login Config
- Denying Access in a Controller
- Dynamic Roles
- The Special IS_AUTHENTICATED_ Strings
- Fetching the User Object
- Custom User Methods & the User in a Service
- Role Hierarchy
- Impersonation: switch_user
- User API & the Serializer
- To use API Token Authentication or Not?
- Registration Form
- Manual Authentication
- Making Questions owned by Users
- Leveraging the Question Owner
- Voters
- Custom Voter
- Verify Email after Registration
- Verifying the Signed Confirm Email URL
- Login Throttling & Events
- Security Events & Listeners
- Creating a Security Event Subscriber
- Custom Redirect when "Email Not Verified"
- 2 Factor Authentication & Authentication Tokens
- 2fa with TOTP (Time-Based One Time Password)
- Activating 2FA
- Rendering the QR Code
- QR Data & Scanning with an Authenticator App
- Customize The 2-Factor Auth Form
Taught by
Ryan Weaver
Related Courses
- API Platform 3 Part 3: Custom Resources (SymfonyCasts)
- API Platform 3 Part 2: Security for your Treasures (SymfonyCasts)
- Dependency Injection and the art of services and containers (SymfonyCasts)
- Mastering Doctrine Relations (SymfonyCasts)
- EasyAdmin! For an Awesomely Powerful Admin Area (SymfonyCasts)