Slide 1

Slide 1 text

Symfony Authentication: What’s Next?

Slide 2

Slide 2 text

Robin Chalas
github.com/chalasr
chalasr.bsky.social
x.com/chalas_r
PHP Consultant / Symfony Core Team / baksla.sh Co-founder

Slide 3

Slide 3 text

How it started

Slide 4

Slide 4 text

Authentication Listeners

Slide 5

Slide 5 text

Somewhat flexible, very complicated.

Slide 6

Slide 6 text

Guard Authenticators. Thanks Ryan 🧡

Slide 7

Slide 7 text

Much simpler, more flexible.

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

Problem: The authentication system does not play well with modern authentication flows.

Slide 10

Slide 10 text

How about login by email?

Slide 11

Slide 11 text

Fixed.

Slide 12

Slide 12 text

How about passwordless? e.g. login links

Slide 13

Slide 13 text

Fixed.

Slide 14

Slide 14 text

Time to revisit authenticators.

Slide 15

Slide 15 text

👋 Authenticator Manager: new event-based authenticator system. Simplified API with improved foundations. Thanks Wouter 💚

Slide 16

Slide 16 text

Cool. What’s Next?

Slide 17

Slide 17 text

People need stateless, token-based authentication for complex systems.

Slide 18

Slide 18 text

Bearer Authenticator

Slide 19

Slide 19 text

OpenID Connect

Slide 20

Slide 20 text

CAS 2.0

Slide 21

Slide 21 text

Stateless CSRF Protection

Slide 22

Slide 22 text

People also need more control when using the authentication system.

Slide 23

Slide 23 text

Programmatic Login

Slide 24

Slide 24 text

Programmatic Logout

Slide 25

Slide 25 text

Upcoming features

Slide 26

Slide 26 text

Built-in Stateless Logout

Slide 27

Slide 27 text

OAuth2 Token Introspection

Slide 28

Slide 28 text

OIDC Discovery

Slide 29

Slide 29 text

OIDC Token Encryption

Slide 30

Slide 30 text

Goal: Plug & Play, full-featured OpenID Connect authentication.

Slide 31

Slide 31 text

Goodbye eraseCredentials()

Slide 32

Slide 32 text

Bad news: European Commission cuts $27 Million of Free Software’s 2025 budget. No more EU-sponsored hackday anytime soon :/
https://fsfe.org/news/2024/news-20240911-01.en.html

Slide 33

Slide 33 text

Bad news: Tidelift cuts 50% of PHP projects’ base-level funding.

Slide 34

Slide 34 text

The Symfony Core Team needs time & strength to move contributions forward.

Slide 35

Slide 35 text

Good news: You can help!
https://symfony.com/doc/current/contributing/code/core_team.html
https://symfony.com/sponsor
https://github.com/sponsors/chalasr
https://opensourcepledge.com

Slide 36

Slide 36 text

Merci 🍻