The Symfony Security Component is an important tool in many web applications. Symfony 6 has seen an overhauled authenticator system providing a base both for out of the box authentication mechanisms as well as extensions points for customizations.

The workshop kicks off with an overview of the authenticator mechanism, how it works in a classic form authentication, and how to build your own authenticator to support simple JWT auth. We also touch on some point that sometimes get swept under the rug when first learning about the security layer: CSRF protection, protection from timing attacks etc.

In the second part we will talk about two factor authentication in Symfony. Topic will include the theoretical background how things like OTP in general and TOTP work, and how to practically use them in Symfony using and customizing existing libraries.

Prerequisites: You should feel comfortable around a basic generic Symfony project: How to install the framework using Flex and run it locally, how to configure routes, how controllers and templates work. Deeper knowledge of the Service Container configuration can help, but will not be mandatory.