BetterAuth for Symfony

Modern authentication bundle for Symfony with API/session/hybrid modes, token rotation, OAuth, 2FA, and optional multi-tenant features.

TL;DR

composer require betterauth/symfony-bundle
php bin/console better-auth:install
php bin/console better-auth:setup-features --preset=full --with-controllers --migrate

Then check generated routes:

php bin/console debug:router | grep auth

Compatibility

• PHP: ^8.4
• Symfony: ^6.4 | ^7.0 | ^8.0
• API Platform: ^4.0
• Doctrine ORM: ^3.0
• Doctrine Migrations Bundle: ^4.0
• Databases tested in CI:

1. PostgreSQL
2. SQLite
3. MySQL
4. MariaDB

Database URLs

Use one of these DATABASE_URL values:

# PostgreSQL
DATABASE_URL=postgresql://app:secret@127.0.0.1:5432/app?serverVersion=16&charset=utf8

# SQLite
DATABASE_URL=sqlite:///%kernel.project_dir%/var/data.db

# MySQL
DATABASE_URL=mysql://app:secret@127.0.0.1:3306/app?serverVersion=8.4&charset=utf8mb4

# MariaDB
DATABASE_URL=mysql://app:secret@127.0.0.1:3306/app?serverVersion=mariadb-11.0.2&charset=utf8mb4

Main Console Commands

• better-auth:install
• better-auth:setup-features
• better-auth:add-controller
• better-auth:user-fields
• better-auth:configure
• better-auth:switch-mode
• better-auth:generate-config
• better-auth:generate-secret
• better-auth:setup:dependencies
• better-auth:setup:logging
• better-auth:config:update
• better-auth:publish-templates
• better-auth:cleanup:sessions
• better-auth:cleanup:tokens

Documentation

Start here:

• Documentation Index
• Installation
• Configuration

Most-used guides:

• API Mode
• Session Mode
• Hybrid Mode
• OAuth Providers
• Two-Factor Auth (TOTP)
• Security Guide
• Testing
• Migration Guide
• Entity Customization
• Controllers
• Advanced Customization

Security Note

This bundle uses Paseto V4 and supports hardening through configuration, rate limiting strategy, and security monitoring options. For production hardening checklist, see docs/11-SECURITY.md.

License

MIT. See LICENSE.