Contributed by
Robin Chalas
in #41247.
In Symfony 5.1 we introduced a new security authentication system as an
experimental feature. Twelve months after its introduction, and having been
tested by many developers in real applications, we’re confident enough to mark
it as stable and recommend using it in all Symfony applications.
That’s why we made the decision to deprecate the old authentication mechanism
and also deprecate the Guard component in Symfony 5.3. This change came a
bit late (during the Release Candidate phase) and some of you might be unaware of it.
The new authentication system changes the internals of Symfony security to make
it more extensible and more understandable. It’s mostly backwards compatible
with the previous Guard-based system, with some important exceptions:
- Anonymous users no longer exist;
- If you use more than one authenticator, you must configure the authentication
entry point; - The authentication providers are refactored into Authenticators.
All this is explained in the new authentication system docs, which also
explains how to create your own custom authenticator.
Thanks to these changes, we’re finally happy with the Symfony security
authentication system, and we hope to use it to implement many interesting new
features in upcoming Symfony versions.
Sponsor the Symfony project.