Robin Chalas
github.com/chalasr
chalasr.bsky.social
x.com/chalas_r
PHP Consultant /
Symfony Core Team /
baksla.sh Co-founder
Slide 3
Slide 3 text
How it started
Slide 4
Slide 4 text
Authentication Listeners
Slide 5
Slide 5 text
Somewhat Flexible
Very Complicated
Slide 6
Slide 6 text
Guard Authenticators
Thanks Ryan
🧡
Slide 7
Slide 7 text
Much simpler, more flexible.
Slide 8
Slide 8 text
No content
Slide 9
Slide 9 text
Authentication system does not play well with modern
authentication flows.
Problem
Slide 10
Slide 10 text
How about login by email?
Slide 11
Slide 11 text
Fixed.
Slide 12
Slide 12 text
How about passwordless?
e.g. login links
Slide 13
Slide 13 text
Fixed.
Slide 14
Slide 14 text
Time to revisit authenticators.
Slide 15
Slide 15 text
👋 Authenticator Manager
New event-based authenticator system.
Simplified API with improved foundations.
Thanks Wouter
💚
Slide 16
Slide 16 text
Cool. What’s Next?
Slide 17
Slide 17 text
People need stateless,
token-based authentication
for complex systems.
Slide 18
Slide 18 text
Bearer Authenticator
Slide 19
Slide 19 text
OpenID Connect
Slide 20
Slide 20 text
CAS 2.0
Slide 21
Slide 21 text
Stateless CSRF Protection
Slide 22
Slide 22 text
Upcoming features
Slide 23
Slide 23 text
Built-in Stateless Logout
Slide 24
Slide 24 text
OAuth2 Token Introspection
Slide 25
Slide 25 text
OIDC Discovery
Slide 26
Slide 26 text
OIDC Token Encryption
Slide 27
Slide 27 text
Goodbye eraseCredentials()
Slide 28
Slide 28 text
European commission cuts $27 Million of Free Software’s 2025 budget.
No more EU-sponsored hackday anytime soon :/
Bad news
https://fsfe.org/news/2024/news-20240911-01.en.html
Slide 29
Slide 29 text
Tidelift cuts 50% of PHP projects’ base-level funding.
Bad news
Slide 30
Slide 30 text
The Symfony Core Team
needs time & strength to
move forward contributions.
Slide 31
Slide 31 text
You can help!
Good news
https://symfony.com/doc/current/contributing/code/core_team.html
https://symfony.com/sponsor
https://github.com/sponsors/chalasr
https://opensourcepledge.com