The Symfony Security Component is an important tool in many web applications. Symfony 6 has seen an overhauled authenticator system that provides a base both for out-of-the-box authentication mechanisms and for extension points for customization.
The workshop kicks off with an overview of the authenticator mechanism, how it works in a classic authentication form, and how to build your own authenticator to support simple JWT auth. We also touch on points that sometimes get swept under the rug when first learning about the security layer: CSRF protection, protection from timing attacks, etc.
In the second part we will talk about two-factor authentication in Symfony. The topic will include the theoretical background of how things like OTP in general and TOTP work, and how to use them in practice in Symfony by using and customizing existing libraries.
Prerequisites and preparation
Please note that we will use a Docker setup in this workshop. To minimize setup time during the workshop, and to save the conference network from huge downloads, please make sure you complete the following steps before attending the workshop - better yet, before even travelling to the conference:
- Install a current version of Docker and Docker Compose
- Clone this repository (https://github.com/meandmymonkey/websummercamp2023)
- Run `make init` (if you have `make` on your system) or `docker compose build --pull --no-cache && docker compose up --detach`
- Enter the container using `make sh` (or `docker compose exec php sh`) and run `composer install` and `bin/console d:m:m -n` to bootstrap the application
Detailed setup instructions can be found in the workshop repository here: https://github.com/meandmymonkey/websummercamp2023