Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Security Guard
Assessments

Security Guard Laravel Package

symfony/security-guard

Symfony Security Guard provides a flexible authentication system for Symfony apps. Create custom authenticators for form login, API tokens, and more, with support for user providers, remember-me, and event-driven security flows.

View on GitHub
Deep Wiki
Context7

Getting Started

Start by installing symfony/security-guard via Composer (note: deprecated and archived; consider alternatives like custom authenticators in Symfony 5.3+ with AbstractPreLoadAuthenticator). In legacy apps ( Symfony 3.x–4.x), add the package and create a class implementing GuardAuthenticatorInterface. Implement key methods: getCredentials(), getUser(), checkCredentials(), and optionally onAuthenticationSuccess()/onAuthenticationFailure().

First use case: add custom API key authentication to a stateless firewall. Define a guard that extracts the X-API-Key header, looks up the user by key, and validates it — all within a single, testable class.

Implementation Patterns

  • Separate concerns: Each authenticator handles one login method (e.g., ApiKeyAuthenticator, OAuthAuthenticator). Keeps logic modular and reusable.
  • Stateless flows: For APIs, omit supports() checks on session and return early from onAuthenticationSuccess() to avoid redirects.
  • Use remember_me support: Implement supportsRememberMe() and integrate with the remember_me firewalls to persist tokens.
  • Hybrid handling: Chain multiple guards in one firewall (via guard config) to try multiple auth methods in order (e.g., API key → Bearer token → form login).
  • Unit test first: Write tests for checkCredentials() with mock request/test tokens before wiring into controllers.

Gotchas and Tips

  • ⚠️ Archived & deprecated: Use only in legacy Symfony <5.3 apps. New projects should use AbstractPreLoadAuthenticator (no security-guard dependency) with the “authenticator-based” security system.
  • supports() must be cheap: This method runs on every request for matching firewalls — avoid database calls or heavy logic here.
  • Order matters in guard config: Guards are tried sequentially; place most specific (e.g., API key) before fallback (e.g., form login).
  • Debug with debug:firewall: Run php bin/console debug:firewall to verify guard integration and order.
  • Remember-me pitfalls: If using remember_me, ensure remember_me.secret is set, and implement supportsRememberMe() correctly. Misconfigurations silently break persistence.
  • Return null from onAuthenticationSuccess() for stateless APIs to skip redirect behavior — returning a Response overrides default behavior.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport