Introducing Guard: Symfony Security with a Smile
Written by weaverryan and Leannapelham
Tip
tl;dr Guard is a new library that makes Symfony authentication a joy. And we've written a big tutorial all about it: KnpUGuard Tutorial.
Symfony's authorization system - the stuff related to voters and roles - is awesome. It's simple, it kicks butt, and it's one of my favorite things, just behind fresh-baked cookies.
But then there's that other part: authentication. This is how you login: maybe with a form or via OAuth, like Facebook login. This part is probably the single worst part of Symfony. It's over-engineered, hard to customize and no fun to work with.
Examples? Creating a form login is easy, but customizing how you load the user or what happens when authentication fails is hard. Creating an API token is pretty easy, assuming you understand what a "token" is and you don't need multiple authentication methods. And how would you handle Facebook login? Fortunately, HWIOAuthBundle exists, but it has a lot of security classes to make this happen.
This problem was screaming for a solution. If we could make Symfony's authentication system simple and fun, the whole security system would go from a pain, to a powerful tool.
Introducing Guard Authentication (+ Tutorial)
Hello Guard! (GitHub, Packagist): a tiny library (and bundle) that puts every part of an authentication scheme into one place: GuardAuthenticatorInterface. To create your custom authentication system, just make one class, implement this interface, fill in the methods and celebrate with a milk shake.
Need to customize how you query or load your user? You'll do that in getUser(). Have a special way to check passwords or that a token is valid? Do whatever you want in createAuthenticatedToken(). Maybe you need to hook into what happens right after the user successfully authenticates. Just do that in onAuthenticationSuccess(), or onAuthenticationFailure() for the opposite.
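To make the "one class, fill in the methods" idea concrete, here is an added example of an API token authenticator built on the Guard interface. It is not code from the post or from the KnpUGuard library: the AbstractGuardAuthenticator base class and the getCredentials(), checkCredentials(), start() and supportsRememberMe() methods are assumed from the library's interface as I recall it, and the AppBundle:ApiToken entity with its tokenHash column, isExpired() and getUser() methods is a hypothetical entity. The token is stored only as a SHA-256 hash so a database leak does not yield usable bearer tokens, and failures return one generic message so a caller cannot tell a missing token from an expired one.

```php
<?php
namespace AppBundle\Security;

use Doctrine\ORM\EntityManager;
use KnpU\Guard\Authenticator\AbstractGuardAuthenticator;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

// Added example, not the library's own code. Authenticates requests carrying
// "Authorization: Bearer <token>" against a hypothetical AppBundle:ApiToken entity.
class ApiTokenAuthenticator extends AbstractGuardAuthenticator
{
    private $em;

    public function __construct(EntityManager $em)
    {
        $this->em = $em;
    }

    // Pull the raw token off the request. Returning null tells Guard to skip
    // this authenticator, so requests without a Bearer header are unaffected.
    public function getCredentials(Request $request)
    {
        $header = $request->headers->get('Authorization', '');
        if (0 !== strpos($header, 'Bearer ')) {
            return null;
        }

        return array('token' => substr($header, 7));
    }

    // Load the user. Only a hash of the token is stored, so the lookup is by hash;
    // a stolen table of hashes cannot be replayed as bearer tokens.
    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        $hash = hash('sha256', $credentials['token']);
        $apiToken = $this->em->getRepository('AppBundle:ApiToken')
            ->findOneBy(array('tokenHash' => $hash));

        if (!$apiToken || $apiToken->isExpired()) {
            // Same exception for "unknown" and "expired": no oracle for callers.
            throw new BadCredentialsException('Invalid API token');
        }

        return $apiToken->getUser();
    }

    // Possession of the token was already proven by the hash lookup;
    // a password check would go here for a form or basic-auth authenticator.
    public function checkCredentials($credentials, UserInterface $user)
    {
        return true;
    }

    // Failure: fixed 401 JSON body, never the exception's internal detail.
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
    {
        return new JsonResponse(array('message' => 'Invalid API token'), Response::HTTP_UNAUTHORIZED);
    }

    // Success: return null so the request continues to the controller.
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        return null;
    }

    // Entry point: what an anonymous caller sees when it hits a protected URL.
    public function start(Request $request, AuthenticationException $authException = null)
    {
        return new JsonResponse(array('message' => 'Authentication required'), Response::HTTP_UNAUTHORIZED);
    }

    // Stateless API tokens have no business with remember-me cookies.
    public function supportsRememberMe()
    {
        return false;
    }
}
```

The class is registered as a service and listed among the firewall's Guard authenticators in security.yml (the exact configuration key is documented in the KnpUGuard tutorial). Because getCredentials() returns null when no Bearer header is present, a form-login authenticator can sit next to this one on the same firewall, which is the multiple-authentication-methods case the post calls out as painful today.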
Read the KnpUGuard Tutorial to get started.
This library won't be perfect yet, so if you find any issues or have a use-case that isn't possible, open an issue and let's see if we can improve things.
Why not put Guard into Symfony Itself?
Yes, there is a secret goal behind all of this: to get Guard merged into Symfony. There is a pull request already, symfony/symfony#14673, but thanks to KnpUGuard, you don't have to wait for the next version of Symfony. Releasing it now also lets us test and improve things, so that the final version - if it's accepted into Symfony - will be truly great.
So, read the KnpUGuard Tutorial, try it out, and report back. With any luck, Symfony's authentication system will be a tale of The Ugly Duckling.
6 Comments
+1 Yeah, please bring this piece of code to the core of Symfony, if it's stable. My first contact with Symfony I was shocked about the authentication stuff and that continues until today. It's only a pain! So it's the right and easy way to catch more Symfony friends in future with a simple way to handle auth..
Use it, open up any issues, and star the repository on GitHub. That'll help make it an easy merge into the core of Symfony - so we can get more friends in the future ;)
That looks to be a lot easier to use and work with! I'd love to see some examples of an OAuth login, and even better, the ability to add multiple accounts (Twitter, FB, LinkedIn, whatever) to an existing account, and so be able to login with anything you've previously attached - or by email (even if you may have to be sent a password).
HWIOauthBundle is powerful, but it's really hard to do anything complicated with it. Being able to run through a number of different authenticators will make adding new methods of being able to login very easy.
The OAuth/Social stuff is one of the tutorials on the table of contents - it's *really* important. I totally agree about HWIOAuthBundle - we use it on KnpUniversity, but it's one of the parts of the code that I'm most intimidated by :). Anyways, check back over the next week or so (or follow me or KnpUniversity on twitter) for the OAuth chapter of the tutorial.
Cheers!
Great job, we definitely need something more simple to authenticate in symfony2.
Thank you for this! Working with Symfony authentication, while definitely powerful and customisable, is hardcore. The depth of knowledge required to properly set up authentication mechanisms in Symfony is such that it almost guarantees that anyone new to Symfony and its inner workings is quite probably making a mess with this part of the system, if not shooting themselves in the foot. And even if they do have experience and know what they are doing, it's still not a straightforward experience. Simple is beautiful.