This course is still being released! Check back later for more chapters.
Symfony Security: The Basics
Learn Symfony Security basics: users, login, registration, firewalls, access control, roles, and voters — and how Symfony decides who can do what.
About this course
This course is in the planning stages
Security doesn’t have to feel scary. In this course, you’ll learn how to add real authentication and authorization to a Symfony app — step by step, from zero to a fully protected system.
We’ll start by installing and understanding the Security component, then create users, build login and registration forms, and add handy features like “remember me.” From there, you’ll work with roles, firewalls, access control, and how Symfony decides who can do what.
We’ll wrap up by demystifying voters — including one that checks permissions based on a specific object (a “subject”) and another that gives super-admins special powers — so you understand the core building blocks behind Symfony’s authorization system.
By the end, you won’t just know which buttons to press — you’ll understand the fundamentals of how Symfony Security works, so you can confidently protect your apps.
Next courses in the Symfony: The Fundamentals section of the Symfony Track!
6 Comments
Victor
SFCASTS
Sebastian-O
7 days ago
edited
Hey Sebastian,
Thank you for your interest in SymfonyCasts tutorials! Yes, OAuth2 flow is a cool topic to cover. We will definitely cover it, but in further courses. This Security Basics course will not have it, unfortunately.
Meanwhile, could you clarify if you're looking for building a standalone OAuth server for your needs? Because the bundle you're referencing is probably league/oauth2-server-bundle ? If so, we have a standalone course on this topic: https://symfonycasts.com/screencast/oauth .
But in most cases users usually just want an integration with already existent OAuth providers like Facebook, GitHub, SymfonyConnect, etc. where you don't need to spin up and configure your own OAuth2 server for these purposes. If you just want to add social logins on your website - you should take a look at league/oauth2-client instead. Or we would recommend to look at ours knpuniversity/oauth2-client-bundle . And it's implementation should be much easier than creating your own server for OAuth login.
I hope that helps!
Cheers!
Sebastian-O
Victor
6 days ago
Hey Victor, thank you very much. Now I have to check the differences between client- and server-bundle, I was not aware that there are two bundles.
For this new course, I am interested how to config and implement parallel access-methods with Symfony Security (Client-Apps on Smartphone, good old Browser-Login, public Api).
Cheers!
Victor
SFCASTS
Sebastian-O
3 days ago
Hey Sebastian,
You're welcome, unless you need your own custom OAuth provider - you should take a look at the simpler OAuth client bundle that will just help you with integration on existing social networks :)
But what you mentioned is not a simple OAuth-client case, there you will need an authentication/resource server. Unfortunately we won't cover this complex case in this Security basics course, but I think our https://symfonycasts.com/screencast/oauth course may help you with planning. I would recommend you watch that :)
I hope that helps!
Cheers!
This is one of my favorites. Can’t wait to see it.
On the other hand, It would be amazing to have some guidance about SSO.
Victor
SFCASTS
john-erney-rojas
1 month ago
Hey John,
Thank you for your interest in SymfonyCasts tutorials! We plan it to be a short course, but SSO is a good thing to talk about, that's why we will plan to do several mini courses after this basic one related to security, and SSO would be good to be mentioned there for sure.
Thank you for your patience and understanding!
Cheers!
I wonder if Symfony's security system can compete with OAuth 2 Flow and if you could open the new tutorial to this topic. Tried to integrate league/OAuth2-Bundle, but it's hard to understand, which Auth-steps can be performed by symfony security and which better with OAuth2-Bundle. (Given that whole Authenticatiom remains on the one Symfony-project without external Auth-Providers).