Advanced Symfony Security Workshop

Andreas Hucks

The Symfony Security Component is an important tool in many web applications. Symfony 6 has seen an overhauled authenticator system that provides a base for out-of-the-box authentication mechanisms as well as extension points for customization.

The workshop kicks off with an overview of the authenticator mechanism, how it works in a classic authentication form, and how to build your own authenticator to support simple JWT auth. We also touch on points that sometimes get swept under the rug when first learning about the security layer: CSRF protection, protection from timing attacks etc.

In the second part we will talk about two-factor authentication in Symfony. The topic will include the theoretical background of how OTP in general and TOTP work, and how to use them in practice in Symfony by using and customizing existing libraries.

Prerequisites and preparation

Please note that we will use a Docker setup in this workshop. To minimize setup time during the workshop, and to save the conference network from huge downloads, please make sure you complete the following steps before attending the workshop - better yet, before even travelling to the conference:

  • Install a current version of Docker and Docker Compose
  • Clone this repository (
  • Run make init (if you have make on your system) or docker compose build --pull --no-cache && docker compose up --detach
  • Enter the container using make sh (or docker compose exec php sh) and run composer install and bin/console d:m:m -n to bootstrap the application

Detailed setup instructions can be found in the workshop repository here:

Andreas Hucks

QOSSMIC, Germany
A PHP enthusiast and a CTO at QOSSMIC, Andreas has been a Symfony community member for 16 years. As a developer, he was involved in countless Symfony projects. As a trainer, he has 10+ years of experience in running dev workshops.
